
Method to provide authorization based control for visibility of WSDL operations and messages

IP.com Disclosure Number: IPCOM000222447D
Publication Date: 2012-Oct-08
Document File: 3 page(s) / 29K

Publishing Venue

The IP.com Prior Art Database

Abstract

A method to provide authorization based control for visibility of Web Services Description Language (WSDL) operations and messages is disclosed.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 53% of the total text.

Page 01 of 3

Method to provide authorization based control for visibility of WSDL operations and messages

Disclosed is a method to provide authorization based control for visibility of Web Services Description Language (WSDL) operations and messages.

Consider a company that provides multiple business partners access to some of its business processes through web service interactions. A WSDL is used to define all the operations and messages for the exposed web service; however, for reasons of security and privacy the company would like to limit visibility of certain operations and messages to particular business partners. A traditional solution would be to create a unique WSDL for each business partner containing only the operations and messages they were allowed to access. Then, upon authentication, each business partner would receive the appropriately modified version of the WSDL, which would contain only the operations and messages they are authorized to use. Over-the-wire Simple Object Access Protocol (SOAP) messages can be secured at the operation level using web service standards such as Web Services Security (WSS or WS-Security), which can be used to restrict access to these operations. However, these operation and message definitions are nevertheless still visible to any system that requests the WSDL. This creates a potential security hazard, as the service provider is revealing more information than the requestor needs to know or should have access to. In addition, if the WSDL is dynamically generated by the web service run-time, then there is currently no ability to generate unique WSDLs on a per-business-partner basis.
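As an added illustration (not code from the disclosure), the per-requestor filtering described above in Python with the standard library: operations the caller's roles are not authorized for are removed from the portType and from every binding, and messages that only those operations used are removed as well, so the returned WSDL reveals nothing the requestor is not entitled to call. The sample WSDL, the role names and the POLICY table are constructed assumptions; the disclosure's own auth:binding assertion syntax is cut off in this extract, so the access-control assertion is modelled as a side table.

```python
import xml.etree.ElementTree as ET

W = "{http://schemas.xmlsoap.org/wsdl/}"  # Clark-notation prefix for WSDL elements
# Constructed sample WSDL (not the disclosure's figure): two operations, each with
# its own request/response messages, exposed through one binding.
SAMPLE_WSDL = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:tns="http://com/sample/sei/" name="Service" targetNamespace="http://com/sample/sei/">
  <wsdl:message name="echoRequest"/><wsdl:message name="echoResponse"/>
  <wsdl:message name="auditRequest"/><wsdl:message name="auditResponse"/>
  <wsdl:portType name="ServicePortType">
    <wsdl:operation name="echo">
      <wsdl:input message="tns:echoRequest"/><wsdl:output message="tns:echoResponse"/>
    </wsdl:operation>
    <wsdl:operation name="audit">
      <wsdl:input message="tns:auditRequest"/><wsdl:output message="tns:auditResponse"/>
    </wsdl:operation>
  </wsdl:portType>
  <wsdl:binding name="ServiceBinding" type="tns:ServicePortType">
    <wsdl:operation name="echo"/><wsdl:operation name="audit"/>
  </wsdl:binding>
</wsdl:definitions>"""

# Constructed access-control assertion (stands in for the auth:binding policy): operation -> roles.
POLICY = {"echo": {"partner", "auditor"}, "audit": {"auditor"}}

def filter_wsdl(wsdl_text, roles, policy):
    """Drop operations the caller's roles may not see, from the portType and every
    binding, then drop messages no kept operation references (default deny)."""
    root = ET.fromstring(wsdl_text)
    kept_messages = set()
    # Collect parents first so removals do not disturb the tree walk.
    parents = [p for p in root.iter() if p.find(W + "operation") is not None]
    for parent in parents:
        for op in list(parent.findall(W + "operation")):
            if not (roles & policy.get(op.get("name"), set())):
                parent.remove(op)
                continue
            for part in op:  # input/output/fault reference messages as tns:Name
                if part.get("message"):
                    kept_messages.add(part.get("message").split(":")[-1])
    for msg in list(root.findall(W + "message")):
        if msg.get("name") not in kept_messages:
            root.remove(msg)
    return root

def visible_operations(root):
    return sorted(op.get("name") for op in root.find(W + "portType").findall(W + "operation"))

def visible_messages(root):
    return sorted(m.get("name") for m in root.findall(W + "message"))
```

Serialize the filtered tree with ET.tostring(root, encoding="unicode"); call ET.register_namespace("wsdl", ...) beforehand if the original prefix should be preserved in the output.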

The Figure below is an example WSDL which contains multiple operations and messages, with a sample policy assertion highlighted in black.

<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="http://com/sample/sei/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="Service" targetNamespace="http://com/sample/sei/">
    <xsd:element name="echoResponse" type="xsd:string" />

Figure

In this example, the highlighted text includes the auth:binding element that refers to the top-level access control assertion. The name...