Development of a web services security archhitecture based on .net framework

Abstract

Service Oriented Architecture (SOA) is an architectural style which allows interaction of diverse applications regardless of their platform, implementation languages and locations by utilizing generic and reliable services that can be used as application building block. SOA includes methodologies and strategies to follow in order to develop sophisticated applications and information systems. SOA is different from the traditional architectures as it has its own unique architectural characteristics and regulations, which needs to be analyzed and clarified so as to apply the information that should be included in the architectural model of SOA correctly to service based application development. The newest technology for SOA is web service technology which gains more and more importance as a technology to develop distributed serviceoriented applications. Web services are an emergent paradigm for implementing business collaborations over the web. Each service has an interface that is accessible through standard protocols and that describes the interaction capabilities of the service.This master's thesis primarily examines the web services concept of the .NET platform having the emphasis on secure communication. A case study demonstrates securing the communication between a web service and its clients through RIJNDAEL, 3DES and RSA algorithms implemented on code based structure which uses the identity token, provided from identity web service, to validate the identity of the client and the status token provided from status web service in order to validate the status of the client.A number of tests are performed using different cryptographic algorithms and network settings for the communication in order to obtain operational values of these algorithms.