A framework for enhancing web services security

The applicability of the security protocols, such as WS-Security, WS-Trust, WS-SecureConversation, WS-Federation, WS-Authorization, and WS-SecurityPolicy, is limited as they only protect SOA (Service Oriented Architecture) communication between two trusted parties with an established security association. The pervasiveness of web services and SOAP API that can be invoked by anonymous consumers introduces security vulnerabilities are not addressed by the existing standards. In this paper, an Integrated Application and Protocol-based Framework is proposed to tackle the existing WS security problems. The proposed IAPF techniques are envisioned to be a part of the design and implementation structure of a web service endpoint within the application and transaction handling logic of the SOAP/web service producer. These techniques will empower application level web services developers to design and implement SOA producers to the IAPF standard to firstly prevent DoS and DDoS based attacks and secondly mitigate the effects of these attacks.