Challenges of testing Web services and security in SOA implementations

Test and Analysis of Web Services

Volumn , Issue , 2007, Pages 395-440

  Barbir, Abbie ^a   Hobbs, Chris ^a   Bertino, Elisa ^b   Hirsch, Frederick ^c   Martino, Lorenzo ^d  

^a NORTEL NETWORKS   (Canada)

^b Purdue University   (United States)

^c NOKIA RESEARCH CENTER   (United States)

^d PURDUE UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 57749194214     PISSN: None     EISSN: None     Source Type: Book    
DOI: 10.1007/978-3-540-72912-9_14     Document Type: Chapter

References (65)

1. OASIS eXtensible Access Control Markup Language 2 (XACML) Version 2.0 OASIS Standard, 1 Feb 2005
2. M. Mecella, M. Ouzzani, F. Paci, E. Bertino. Access Control Enforcement for Conversational-based Services. Proceedings of 2006 WWW Conference, Edimburgh, Scotland, May 23-26, 2006
3. N. Damianou, N. Dulay, E. Lupu and M. Sloman. The Ponder Policy Specification Language. Proceedings of the 2nd IEEE International Workshop on Policies for Distributed Systems and Networks, 2001
4. T. Yu, M. Winslett, K. Seamons. Supporting Structured Credentials and Sensitive Policies through Interoperable Strategies for Automated Trust Negotiation. ACM Transactions on Information and System Security, Vol. 6, No. 1, February 2003
5. E. Bertino, E. Ferrari, A.C. Squicciarini. X-TNL: An XML-based Language for Trust Negotiations. Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks, 2003
6. E.Bertino, A.C. Squicciarini, L.Martino, F. Paci. An Adaptive Access Control Model for Web Services. International Journal of Web Service Research, (3), 27-60 July-September 2006
7. E.Bertino, B.Carminati, E.Ferrari. Merkle Tree Authentication in UDDI Registries. International Journal of Web Service Research, 1(2): 37-57(2004
8. E.Bertino, J.Crampton, F.Paci. Access Control and Authorization Constraints for WS-BPEL. Submitted for publication
9. OASIS Web Services Business Process Execution Language Version 2.0. Committee Specification, 31 January 2007
10. Schwarz, J, Bret Hartman B., Nadalin A, Kaler C., F. Hirsch, and Morrison S, Security Challenges, Threats and Countermeasures Version 1.0, WS-I, May, 2005, http://www.ws-i.org/Profiles/BasicSecurity/SecurityChallenges-1.0.pdf
11. Barbir, A. Gudgin M and McIntosh M., Basic Security Profile Version 1.0, WS-I, May 2005, http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0-2004-05- 12.html
12. Nadalin, A., Kaler C., Hallam-Naker, P., Monzillo R., Web Services Security: SOAP Message Security 1.0, (WS-Security 2004), OASIS, March 2004, http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-messagesecurity-1. 0.pdf
13. Web Services Security: SOAP Message Security 1.1, (WS-Security 2004), OASIS, February 2006, http://www.oasis-open.org/committees/download.php /16790/wss-v1.1-spec-os-SOAPMessageSecurity.pdf
14. Nadalin, A., Kaler C., Hallam-Naker, P., Monzillo R., Web Services Security: UsernameToken Profile 1.1,OASIS, February 2006, http://www.oasisopen. org/committees/download.php/16782/wss-v1.1-spec-os-Username Token-Profile.pdf
15. Nadalin, A., Kaler C., Hallam-Naker, P., Monzillo R., Web Services Security: X.509 Certificate Token Profile 1.1, OASIS, February 2006, http://www.oasis-open. org/committees/download. php/16785/wss-v1.1-specos- x509TokenProfile.pdf
16. Monzillo R., Kaler C., Nadalin A., Hallam-Naker, P., Web Services Security: SAML Token Profile 1.1, OASIS, February 2006, http://www.oasis-open. org/committees/download.php/16768/wss-v1.1-spec-os-SAMLTokenProfile.pdf
17. Nadalin, A., Kaler C., Hallam-Naker, P., Monzillo R., Web Services Security: Kerberos Token Profile 1.1, OASIS, February 2006, http://www.oasis- open.org/committees/download.php/16788/wss-v1.1-specos-KerberosTokenProfile.pdf
18. Monzillo R., Kaler C., Nadalin A., Hallam-Naker, P., Web Services Security: Rights Expression Language (REL) Token Profile 1.1, OASIS, February 2006, http://www.oasis-open.org/committees/download.php/16687/oasis-wssrel- Token-profile-1.1.pdf
19. Hirsch, F., Web Services Security: SOAP Messages with Attachments (SwA) Profile 1.1, OASIS, February 2006, http://www.oasisopen. org/committees/ download.php/16672/wss-v1.1-spec-os-SwAProfile.pdf
20. Signature Syntax and Processing, W3C Recommendation February 2002, http://www.w3.org/TR/xmldsig-core/
21. XML Encryption Syntax and Processing, W3C Recommendation December 2002, http://www.w3.org/TR/xmlenc-core/
22. Nortel Unified Security Framework for corporate and government security, Nortel, http://www.nortel.com/solutions/security/collateral/nn104120-051705.pdf
23. SOAP Version 1.2 Part 1: Messaging Framework, W3C, June 2003, http://www.w3.org/TR/soap12-part1/
24. Simple Object Access Protocol (SOAP) 1.1, W3C Note, May 2000, http://www.w3.org/TR/2000/NOTE-SOAP-20000508/
25. Rescorla E., HTTP Over TLS, RFC 2818, May 2000
26. Web Services Description Language (WSDL) 1.1, W3C Note 15 March 2001, http://www.w3.org/TR/wsdl
27. Bloomberg, J., Schmelzer, R, Service Orient or Be Doomed!: How Service Orientation Will Change Your Business, SBN: 0-471-79224-1, Wiley, May 2006
28. Boyer, J., Exclusive XML Canonicalization Version 1.0, W3C, July 2002, http://www.w3.org/TR/xml-exc-c14n/
29. Bray, T., Extensible Markup Language (XML) 1.0 (Third Edition), W3C, February 2004, http://www.w3.org/TR/REC-xml/
30. The Transport Layer Security (TLS) Protocol,Version 1.1, RFC 4346, April 2006
31. Demchenko, Y., Web Services and Grid Security Vulnerabilities and Threats Analysis and Model, Grid Computing Workshop, 2005
32. Nakamura, Y., Model-Driven Security Based on a Web Services Security Architecture, Proceedings of the 2005 IEEE International Conference on Services Computing (SCC'05), 2005
33. Tarhini et al., Regression Testing Web Services-based Applications, Computer Systems and Applications, March 8, Page(s):163-170, 2006
34. Benharref A. et al, A Web Service Based-Architecture for Detecting Faults in Web Services, IFIP/IEEE International Symposium on Integrated Network Management 2005
35. Bhoj, P., Management of new Federated Services, Integrated Network Management V., 1997
36. Weiping He, Recovery in Web Service Applications, Proceedings of the 2004 IEEE International Conference on e-Technology, e-Commerce and e-Service (EEE'04), 2004
37. Papazoglou, M. and Heuvel, W., Web Services Management: A Survey, IEEE Internet Computing, November 2005
38. Bertolino A. and Polini A., The Audition Framework for Testing Web Services Interoperability, Proceedings of the 2005 31st EUROMICRO Conference on Software Engineering and Advanced Applications (EUROMICRO-SEAA'05), 2005
39. Karjoth, G., Service-oriented Assurance: Comprehensive Security by Explicit Assurances, Publications of the Network Security and Cryptography Group, 2005
40. Tsai, W., Ray Paul R., Weiwei S. and Cao Z., Coyote: An XML-Based Framework for Web Services Testing, 7th IEEE International Symposium on High Assurance Systems Engineering (HASE'02), 2002
41. Yuan Rao, Y., Feng, O, Han, J., and Li, Z., SX-RSRPM: A Security Integrated Model For Web Services, Proceedings of the Third International Conference on Machine Learning and Cybernetics, Shanghai, 26-29 August 2004
42. Bruno, M., Gerardo, C., and Di Penta, M., Using Test Cases as Contract to Ensure Service Compliance across Releases, Proc. 3rd Int'l Conf. Service Oriented Computing (ICSOC 2005), LNCS 3826, Springer, 2005, pp. 87-100
43. Tsai, W., Paul, R, Cao, Z., L. Yu, L., A. Saimi, A. and B. Xiao, ., . Verification of Web Services using an enhanced UDDI server. In Proc. of WORDS 2003, pages 131-138, Jan., 15-17 2003. Guadalajara, Mexico
44. Tsai, W., Paul R., Wei S. and Cao Z. Scenario-based Web Service testing with distributed agents. IEICE Transaction on Information and System, E86-D(10):2130-2144, 2003
45. Xu, W., Offutt, J., Juan Luo, J., Testing Web Services by XML Perturbation, Proceedings of the 16th IEEE International Symposium on Software Reliability Engineering (ISSRE'05), 2005
46. Yu, W., Supthaweesuk, P., and Aravind, D. Trustworthy Web Services Based on Testing, Proceedings of the 2005 IEEE International Workshop on Service-Oriented System Engineering (SOSE'05), 2005
47. Mei H. and Zhang L., A Framework for TestingWeb Services and Its Supporting Tool, Proceedings of the 2005 IEEE InternationalWorkshop on Service-Oriented System Engineering (SOSE'05), 2005
48. Canfora G. and Di Penta M., Testing Services and Service-Centric Systems: Challenges and Opportunities, IT Pro Published by the IEEE Computer Society, April 2006
49. Zapthink, www.zapthink.org
50. Fox A. and D. Patterson., When does fast recovery trump high reliability? In 2nd Workshop on Evaluating and Architecting Systems for Dependability (EASY), 2002
51. Candea G. and A. Fox, Crash-only software. In 9th Workshop on Hot Topics in Operating Systems, 2003
52. Candea G. Et, Microreboot-A technique for cheap recovery. In Proceedings of the 6th Symposium on Operating Systems Design and Implementation, 2004
53. Gray J., Why do computers stop and what can be done about it? In 5th Symposium on Reliability in Distributed Systems, 1986
54. OASIS SOA Reference Model TC. Reference model for service-oriented architecture 1.0. Technical report, OASIS, 2006
55. Fielding, R., Architectural Styles and the Design of Network-based Software Architectures. Ph.D. Dissertation. University Of California, Irvine, 2000
56. K. Vaidyanathan, K. et al., Analysis and implementation of software rejuvenation in cluster systems. In SIGMETRICS '01: Proceedings of the 2001 ACM SIGMETRICS international conference on Measurement and modeling of computer systems, pages 62-71, New York, NY, USA, 2001. ACM Press
57. OASIS (www.oasis-open.org) Web Services Reliable Exchange Technical Committe (WS-SX). 49. W3C (www.w3.org) WS-Policy WG.
58. IBM; The Enterprise Privacy Authorization Language (EPAL 1.1)-Reader's Guide to the Documentation
59. OASIS eXtensible Access Control Markup Language 2 (XACML) Version 2.0 OASIS Standard, 1 Feb 2005
60. T. Yu, M. Winslett, K. Seamons. Supporting Structured Credentials and Sensitive Policies through Interoperable Strategies for Automated Trust Negotiation. ACM Transactions on Information and System Security, Vol. 6, No. 1, February 2003
61. OASIS (www.oasis-open.org) WS-BPEL TC.
62. Mecella, M., Ouzzani, M., Paci, F., Bertino, E. Access Control Enforcement for Conversation-based Web Services. Proceedings of the 2006 WWW Conference, Edinburgh, Scotland, May 23-26, 2006
63. Bertino, E., Crampton J.,, and Paci F. Access Control and Authorization Constraints for WS-BPEL. Submitted for publication
64. Bertino, E., B. Carminat, and E. Ferrari, E. Merkle Tree Authentication in UDDI Registries. International Journal of Web Service Research, 1(2): 37-57 (2004
65. Liberty Alliance Project-Introduction to the Liberty Alliance Identity Architecture Revision 1.0 March, 2003