An XML-based approach to combine firewalls and web services security specifications

The Web Services Architecture (WSA) defines a comprehensive model for service-oriented interactions among endpoints over a private network or the Internet. Since the many opportunities for better interacting services and the provision of richer functionality, crossing the boundary of organizations many standard proposals addressing different aspects of such interaction model are appearing. In this paper, we analyze the security requirements of the WSA and observe that the security model currently developed is not sufficient. In particular, we claim that many aspects related to network security and the integration of firewalls into the WSA have been underestimated. We show with different examples the usefulness of a semantics-aware firewall operating both at SOAP level and at lower network-based layers. We analyze, under this perspective, the impact on security that recently proposed stateful SOAP-based protocols could have, and describe how asynchronous protocols could pose high security risks on both service providers and service requesters. This drives us to the conclusion that, if security is an enabling factor for the success of Web service technologies, then perimetral security and firewall technology should be both fully supported into the WSA and improved to satisfy the requirements of the service-oriented interaction.