A Novel Application of Digital Signatures in a
Web Services-Enabled Business Process
by TAN Kar Way
| Speaker: |  TAN Kar Way PhD Candidate & Instructor School of Information Systems Singapore Management University |
Date: Time: Venue: |
23 May 2008 (Friday)
|
|
Please register your attendance. |
Abstract
Web Services have been gaining popularity due to the ability to support interoperability for system-to-system interactions using standard protocols over a network. In a typical business process, business documents (e.g., purchase orders) may be encapsulated in Simple Object Access Protocol (SOAP) messages, travel through multiple intermediaries before reaching the final destinations. Each intermediary may add or modify the SOAP messages.
The WS-Security defines the use of XML digital signature to provide integrity protection by allowing portions of the SOAP message to be signed. Each intermediary can then sign each modification. This method however, has overlooked the situations when the intermediaries may not be fully trusted by the final receiving system to make the changes. It also does not allow the originating system to control which intermediary is authorized to change which portion of the data.
In this talk, we will evaluate and apply the vanilla XML signature scheme to a real-world business process and then propose a model to apply sanitizable signature scheme to better suit the integrity protection needs of the business process. Finally, we will also show how both signature schemes can co-exist and be incorporated into the existing WS-Security standards.
Biography
Tan Kar Way is a part-time PhD candidate and Instructor in the School of Information Systems, Singapore Management University. Her general research interests are in applied research in the domain of business process management and services computing.