
Contact
Prof. Dr. Christoph Meinel
Hasso-Plattner-Institut
an der Universität Potsdam
Tel: +49 0331/5509-222
Fax: +49 0331/5509-325
Mobil: +49 176 10010727
meinel"at"hpi.uni-potsdam.de
Lock-Keeper Web Services Gateway for Advanced Management and High Security of Service-Oriented Applications
Overview
Web Services (WS) have been adopted as an efficient way to integrate applications and constitute a suitable foundation for realizing a Service-Oriented Architecture (SOA). More and more enterprises have joined this modern business world and implement complex business processes through a multitude of independent services, each providing only a part of the overall functionality. Organizations may use different services for the same functionality depending on their availability and may include services hosted by other companies belonging to different trust domains. However, to provide their own Web Services, communicate with partners to compose integrated Web Services, or even consume Web Services, enterprises have to open their networks and expose their sensitive internal resources. Currently, firewalls are usually deployed to protect the internal networks. Unfortunately, these firewalls cannot satisfy all the security requirements of SOA applications, since traditional approaches are based on filtering TCP/IP packets, which can provide neither a complete separation of the networks nor security at the application/service layer. Since security at the network layer is not sufficient to secure interactions in the scope of SOA, a solution is needed that provides a message-based security gateway.
Design and Architecture
We propose to implement a Lock-Keeper Web Services Gateway (LK-WSG) in this bachelor project. The general goal of this project is to deploy Lock-Keeper in SOA applications to enhance the security of the internal networks of the enterprises involved. The Web Services Gateway should check and verify communication at the messaging layer. In addition, this solution should facilitate the establishment and management of identity federations (e.g. based on WS-Federation or SAML) to enable the secure usage of services across different organisations.

Features and Benefits
Within this project, many technical issues concerning security, reliability, quality of service, communications compatibility, etc. need to be addressed. Some related mature security products can be used as good references (e.g. Sun Access Manager, Microsoft CardSpace, OpenID, etc.).
The implemented prototype proves that our LK-WSG has the following features:
- Transparency for Web Services and Web Service Clients
- Centralization of Web Service Management and Security
- Encryption and Signature using WS-Security and SSL
- Authentication and Authorization using SAML and XACML
- Authentication across companies in SOAs
- Flexibility to work with or without Lock-Keeper
Press
- HPI: Wiederverwendbare Software sicher anderen Unternehmen anbieten (HPI Press: released on 03.07.2009)
- Project Presentation on Tele-TASK (tele-task.de, 03.07.09)
Deliverables
- 6. HPI Bachelor Project Podium: Presentation
- 6. HPI Bachelor Project Podium: Press Release
References
- Lock-Keeper Project Portal: I, II
- Actisis IT-Consulting GmbH
- Siemens IT-Solutions and Services: Civil and National Security
Project Team:
Members:
- Rienow, Ole
- Jaeger, David
- Krentz, Konrad-Felix
Supervisors:
- Feng Cheng
- Michael Menzel
- Sebastian Roschke
- Prof. Dr. Christoph Meinel
Tel: +49-(0)331-5509-521, Office: B-1.12
Chair of Internet Technologies and Systems
Hasso-Plattner-Institute at University of Potsdam
PO Box 900460, 14440 Potsdam, Germany
Partner:
Actisis IT-Consulting GmbH
Siemens IT Solutions and Services










