Abstract
The Internet has come a long way from its humble beginnings of being used as a simple
way of transporting data within the US army and other academic organizations. With the
exploding growth of the Internet and the World Wide Web or WWW more and more
people and companies are not only providing services via the WWW but are also
conducting business transactions.
In today’s Web-based environment where individuals and organizations are conducting
business online, it is imperative that the technologies that are being utilized are secure in
every way.
It is important that any individual or organization that wants to protect their data in one
form or another adhere to the five (5) basic security services. These security services
are Identification and Authentication, Authorization, Confidentiality, Integrity and
Non-repudiation
This study looks at two Web-based technologies, namely XML and XML Web services
and provides an evaluation of whether or not the 5 security services form part of the
security surrounding these Web-based technologies.
Part 1 is divided into three chapters. Chapter 1, is an Introduction and roadmap to
the dissertation. This chapter provides an introduction to the dissertation. Chapter 2
provides an Overview of XML. The reader must not view this chapter as a technical
chapter. It is simply a chapter that provides the reader with an understanding of XML so
that the reader is able to understand the chapter surrounding XML security. Chapter 3
provides an Overview of Web services. Again the reader must not view this chapter as
a technical chapter and as in chapter 2 this chapter must be seen as an overview
providing the reader with a broad picture of what Web services is. A lot of technical
background and know how has not been included in these two chapters.
Part 2 is divided into a further three chapters. Chapter 4 is titled Computer Security
and provides the reader with a basic understanding surrounding security in general. The
5 security services are introduced in more detail and the important mechanisms and
aspects surrounding security are explained. Chapter 5 looks at how XML and Web
services are integrated. This is a short chapter with diagrams that illustrate how
closely XML and Web services are interwoven. Chapter 6 is the most important chapter
of the dissertation. This chapter is titled XML and Web services security. This chapter
provides the reader with an understanding of the various XML mechanisms that form
part of the Web services environment, thus providing security in the form of the 5
security services. Each XML mechanism is discussed and each security service is
discussed in relation to these various mechanisms. This is all within the context of the
Web services environment. The chapter concludes with a table that summarizes each
security service along with its corresponding XML mechanism.
Part 3 includes one chapter. Chapter 7 is titled Mapping XML and Web services
against the 5 security services. This chapter makes use of the information from the
previous chapter and provides a summary in the form of a table. This table identifies
each security service and looks at the mechanisms that provide that service within a
Web services environment.
Part 4 provides a conclusion to the dissertation. Chapter 8 is titled Conclusion and
provides a summary of each preceding chapter. This chapter also provides a conclusion
and answers the question of whether or not the 5 information security services are
integrated into XML and Web services.
von Solms, S.H., Prof.