Implementing a SOAP security proxy and Evaluating SOAP security standards

Abstract: The project had two intended goals. One was to create a prototype for the proxy component of the Secure Webservice Platform system that can function on the GNU/Linux operating system. The other goal was to evaluate a number of different SOAP security methods in order to determine if any could function as a alternative to the Specifikation för Säker Elektronisk Kommunikation (SSEK) standard. In order to achieve the second goal, an evaluation was performed on the SOAP security methods Transport Layer Security, XML Signature, XML Encryption, Web Service Security, and Web Service Secure Conversation using a set of predefined criteria. In order to be able to evaluate if any of the methods could function as an alternative to SSEK, an evaluation of SSEK using the predefined criteria was also performed. In order to achieve the first goal, a prototype was constructed and SSEK security was implemented using a combination of node.js, libxmljs and xmlsec. The conclusions drawn from the results obtained is that none of the evaluated methods could work as an alternative to SSEK security, although some could come close when combined with others. It was also concluded that while node.js could be used to construct a prototype, due to the limited amount of support for SOAP web service standards provided by node.js as well as the amount of adjustments that needed to be done on libxmljs in order to implement the security, careful consideration should be taken before selecting node.js as a platform for similar projects.