Authors: Gerard McHale; John O'Raw; Kevin Curran
Addresses: Department of Computing, Letterkenny Institute of Technology, Letterkenny, Ireland ' Department of Computing, Letterkenny Institute of Technology, Letterkenny, Ireland ' Faculty of Computing and Engineering, University of Ulster, Derry BT48 7JK, Northern Ireland
Abstract: The OASIS web services security (WSS) standard has been developed to provide encryption and digital signing for SOAP messaging to ensure the information in the message is confidential and that the sender and receiver are who they say they are. It has also introduced interoperability and performance problems. Interoperability has been improved with the introduction of the WS-I* Basic and Basic Security Profiles. New web stacks such as Apache CXF have attempted to address performance issues. The purpose of this research is to investigate the performance impacts of securing WS-I* compliant SOAP messages when using the Apache CXF web service framework. We measured the performance impact of WS-Security and WS-SecureConversation under different conditions and using various WS-I* compliant cryptographic algorithms. We found that WS-SecureConversation is the better option when sending a large number of messages but for a small number of large messages WS-Security can sometimes be the better option.
Keywords: web services security; WS-I* Basic; SOAP; WS-Security; Apache CXF; interoperability; encryption; digital signatures; performance impact; cryptography.
International Journal of Web Science, 2012 Vol.1 No.4, pp.291 - 314
Received: 15 May 2012
Accepted: 19 Oct 2012
Published online: 10 Mar 2013 *