Title: WS-I* compliant web service SOAP message security performance

Authors: Gerard McHale; John O'Raw; Kevin Curran

Addresses: Department of Computing, Letterkenny Institute of Technology, Letterkenny, Ireland ' Department of Computing, Letterkenny Institute of Technology, Letterkenny, Ireland ' Faculty of Computing and Engineering, University of Ulster, Derry BT48 7JK, Northern Ireland

Abstract: The OASIS web services security (WSS) standard has been developed to provide encryption and digital signing for SOAP messaging to ensure the information in the message is confidential and that the sender and receiver are who they say they are. It has also introduced interoperability and performance problems. Interoperability has been improved with the introduction of the WS-I* Basic and Basic Security Profiles. New web stacks such as Apache CXF have attempted to address performance issues. The purpose of this research is to investigate the performance impacts of securing WS-I* compliant SOAP messages when using the Apache CXF web service framework. We measured the performance impact of WS-Security and WS-SecureConversation under different conditions and using various WS-I* compliant cryptographic algorithms. We found that WS-SecureConversation is the better option when sending a large number of messages but for a small number of large messages WS-Security can sometimes be the better option.

Keywords: web services security; WS-I* Basic; SOAP; WS-Security; Apache CXF; interoperability; encryption; digital signatures; performance impact; cryptography.

DOI: 10.1504/IJWS.2012.052533

International Journal of Web Science, 2012 Vol.1 No.4, pp.291 - 314

Received: 15 May 2012
Accepted: 19 Oct 2012

Published online: 10 Mar 2013 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article