Building Trust and Security in Web Services



The yearning to componentize software development, where software is "assembled" like an automobile, where each component interacts with the other components in an unambiguous and streamlined fashion is very old and deep rooted. For, the most significant challenges in software development are maintaining and changing software pieces which perform redundant functions and integrating such components with one another.

As the industry started to mature, significant research has taken place to find ways of architecting software components as building blocks that are seamlessly integrated, irrespective of where those components reside or how they are implemented. CORBA and COM arrived on the scene addressing these issues and providing a sound architecture for distributed computing. While these very interesting developments were going on, the Internet revolution took place simultaneously as more and more businesses started to register their presence on the web. E-business and e-commerce have seen tremendous growth in the past 7 years where major business functions are taking place through the medium of internet and some businesses are run entirely on the Internet. As a result more and more business software processes had to interact with their business counterparts over the Internet. The eventual convergence of these two paradigm shifts in the software development resulted in the birth of Web Services.

Web Services are fundamental building blocks of software that are deployed on heterogeneous software and hardware platforms, that describe and publish their behavior to potential consumers (UDDI), and that, based on a software contract (WSDL), interact with consumers by receiving and sending (XML) messages through a common protocol (SOAP). The scenario where a software component can dynamically detect, contract and utilize services provides a strong semantic connection to the web and may truly revolutionize the web. But the prospect of unprecedented inter-connectivity comes with huge challenges of security and raises serious questions on ethics and legalities.

Some of the challenges are:

Security: How to prevent unauthorized access to critical information, code or a business process? Moreover, the pertinent question is how to prevent misuse of critical information, code or a business process gained by authorized access.

Trust and Verification: What should be the parameters that enable establishing trust between a potential consumer and a provider? Even if 'trust' is established, how can the consumer 'verify' the trust?

Ownership and Responsibility: How to enforce ownership rights and accountability? When there is a software failure, who owns up to it?

How to Cite this Page

MLA Citation:
"Building Trust and Security in Web Services." 123HelpMe.com. 15 Dec 2019
    <https://www.123helpme.com/view.asp?id=36160>.


How are disputes between consumers and providers resolved? Is there a place for a compensation and penalties regime?

Societal and Ethical Issues: What are the ethical implications of the retrenchment that will inevitably follow the phase-out of redundant software pieces, replaced by faceless entities on the internet? What if the e-dispute spans national boundaries? What if the national entities in question have adversarial relationships?

Security and Ethics

Let us revisit the start of the Internet revolution era, when e-business and e-commerce were finding their way on the web. Similar concerns of security were raised when the information traveling on the super-highway could be hacked and hijacked by malevolent users. Even now security forms a major and fundamental concern of internet applications. But the security that was possible in military domains of the internet was made available in the public domain as well. Major companies that deal primarily with web security came up with innovative products like data encryption, secure socket layers and safety zones to protect against hackers. Web sites doing monetary transactions and dealing with critical information had no other alternative but to enable their products with the latest security features. The US, Canada, Europe and some Asian countries have passed e-commerce laws that mandate a certain level of security in internet sites participating in e-commerce. Today the mere thought of a web site that asks for credit card information in a non-safety zone is outrageous. This security consciousness has been built over the years due to learning and experience by the Internet community.

But the problem of security in web services has both internal and external dimensions and they are equally important. Data encryption and secure transmission protect data only against eavesdroppers; once data reaches the destination there will be no protection. Significant research is going on to evolve new standards in web services security with the use of digital certificates and digital signatures.

This writer strongly believes in the rights-based philosophy of John Locke, who inspired the founding fathers of America, which declares that certain rights like the right to life, liberty and the right to own property are inviolable by anybody. You cannot use information that rightfully belongs to others for your own benefit without the owner's express permission. Critical financial and medical information is to be treated as private property and the right to own it should be respected by everyone. Just because there is a business contract which requires revealing such information does not give any contractor the right to misuse that information. In today's world, information is the most important property a business can own and hence the protection of information should be given paramount importance. But since ethical standards are difficult to enforce in this boundaryless Internet world, even by a powerful territorial authority, the technology should self-enforce the ethical imperatives. The possibilities of technology themselves have to be harnessed in building security that prevents its misuse.

But there are implications of building layers of security around the information super-highway. More and more resources would be required to develop the systems and applications, and as a result of building additional layers of security around applications, there may be severe downgrading of performance. Developing security perimeters may result in more time and cost overruns in developing business applications on the web. But this is the minimum liberty or natural right that we forfeit to enjoy our right that no one else would breach our security. It is to be noted that creating and maintaining secure connections is computationally intensive and, in high-volume environments, can quickly overwhelm ordinary software processors. To overcome this, businesses may need to deploy expensive hardware-based accelerators (XAN Devices) that provide transport layer security. As a result of this, small and medium businesses may be overwhelmed by the cost of deploying their services on the Internet and may be left out of the marketplace. Nations and organizations should come together to enforce strict standards of security for critical applications to avoid the misuse and fraudulent use of technology. Also, the research and development for providing software and hardware solutions to the problem of security should be shared by all so that everyone enjoys the benefit of doing secure business transactions on the web. This is the Hobbesian alternative to utter chaos, insecurity and the widening of the digital gap.

Trust and Verification

One of the most critical issues in deploying web services is the difficulty in establishing trust between a consumer and a provider. Licensed software is sold very much like a commodity, where trust is established by repeated usage and experience. For example, you can buy a copy of Windows XP off the shelf in a store, install it on your computer, use it for some time and judge for yourself if the software meets your expectations. In this case, the software is run entirely under the consumer's control, and there is an absolute guarantee that the software will not change without the owner's knowledge. (Do automatic updates fall in this category?) Here is where web services differ fundamentally from licensed software. The code of a web service may change at any time, the domains where the services are hosted could change, its terms of contract could change and its availability could change. A white paper published by a panel of experts at www.vaWSS.org argues that there are fundamentally 5 critical issues in trust, and that a web service which does not provide assurances in the following areas creates mistrust in consumers' minds.

Trust in Code – Delivery of bug-free software which meets its functional requirements, quality requirements and performance requirements is an absolute necessity in establishing trust in code. At least the software interface or the connection points should not change without warning, resulting in incompatible communication.

Service Availability – Round-the-clock availability of service and network connection.

Privacy/Security – Service providers should provide guarantees that they will not intrude in the private space of the consumer's database, nor will they ever misuse or tamper with it.

Identity – Truthful establishment of the identity of consumers and providers. The provider should truthfully identify its consumers before providing access to its service, and the consumer should be able to ascertain in advance the identity of providers.

Response to Failure – In case of hardware failure, there should be provision of either redundancy or backup systems. In case of software failures, access should be provided to the Help Desk to seek redressal of failures.

Evidently, even if we have iron-clad guarantees for all these 5 issues, the problem of enforcement remains open. What if trust is violated, and what recourse is taken in a boundaryless world? A monolithic international authority that oversees and enforces trust and punishes violations may be the best solution, but it is not practical. Some would argue that such a structure would destroy the independence and liberty that the Internet bestows on the people of the world. The emergence of an international monitoring authority to which everybody is willing to concede power to enforce "rules" is highly unlikely. In this issue, the Hobbesian alternative, where the global business community entrusts a sovereign power to safeguard its rights and agrees to live by a certain contract, is impractical.

However, David Hume's philosophy of trust is far more suitable to the subject matter. Hume puts far less emphasis on the role of the Sovereign. The reason for this can be traced back to Hume's more optimistic view of human nature. Here we implicitly hope that all providers have entered the web arena to provide services in good faith and prosper based on the services they offer, given that both consumers and providers experience the benefits of co-operation and agreement in their interactions. Hume conceives of the problem of trust not as the problem of having to convince mutually antagonistic egoists, which is the case here, to co-operate. Rather, it is the problem of reassuring persons who know of the benefits of co-operation that, if they co-operate, they will not be vulnerable to those who would take advantage of them. The solution, then, lies in each person seeing the advantages made possible by such 'artifices' as rules of property and justice. These conventions – these restraints on the unrestricted pursuit of self-interest – find approval, as Hume puts it, 'in the judgement and understanding' because of the great advantages that they make possible. Hume wrote about "The Sensible Knave":

"That honesty is the best policy, may be a good general rule, but is liable to many exceptions; and he, it may perhaps be thought, conducts himself with most wisdom, who observes the general rule, and takes advantage of all the exceptions."

This still leaves the problem of how to deal with wilful negation of trust. One of the interesting ideas that is emerging is called the "web of trust". Independent brokerage services could monitor, track and rate the quality of service of various providers. They could also independently verify the source code, audit security practices and systems, and resolve disputes. Independent firms could even provide 24/7 support for web services provided by various consumers. A consumer could trust an independent brokerage firm, who could in turn trust somebody else, who in turn could trust the ultimate consumer, thus weaving a web of trust. The idea is that in this heavily interconnected world bad things propagate fast and thick, and reputation would provide a reasonable benchmark for trust. Any provider who loses trust will lose commercial viability as well if such practices are uniformly adopted.

Ownership and Responsibility

Again we will re-examine the differences between licensed proprietary software and a web service to understand the issue at stake. With licensed software, there is somebody who owns the software and is responsible for maintenance. If the software malfunctions, that entity, person or company can be contacted for help. In some cases, the software company may admit its fault and provide a fix. In some mission-critical applications, there is even scope for litigation and penalization, as the penalty clauses and quality-of-service clauses form part of the service contract in such applications. But web services are a different category altogether. In a weave of components, one component may malfunction, which may result in a chain of errors, and it is difficult to fix the responsibility on one component. Even if the component is identified, the provider may deny that it was ever invoked from the consumer's software. It may claim that erroneous input was provided and that this was the cause of the failure. All these issues introduce a lot of complexity in 'fixing' blame on a particular component.

A lot of research has been going on to provide answers to these questions through technology itself. Some of the techniques are timestamping, encrypting and auditing as a "web message" travels from one service provider to the other. These measures provide for non-repudiation, message integrity and a secure audit trail to trace back software failures. Any dispute between contracted parties is resolved by e-dispute resolution firms that look at the contract and the evidence of the data trail to resolve the dispute. The compensation and penalties would be decided in the arbitration phase of the dispute resolution. Here there is apparently no need for any agency to interfere in the dispute between contracted parties if they wish to negotiate it themselves. If the negotiation fails, they may mutually agree to refer the dispute to a dispute-resolver. Since it is very difficult to quantify the compensation and the grievance in general, it depends entirely upon the terms of contract and the criticality of the failure.
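The timestamping and auditing of a message as it passes from one service to the next can be expressed as a chain of signed receipts, which is what lets an arbitrator answer a provider that denies being invoked or disputes the input it was given. The Go program below is an added example, not part of the original essay; the Receipt layout, the service names, the fixed demo key seeds and the sample order message are assumptions made for illustration, and each timestamp is only the signer's own claim rather than one issued by a timestamping authority.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Receipt is one service's signed statement that at Timestamp it handled a body
// hashing to BodyHash, after a trail hashing to PrevHash (constructed layout).
type Receipt struct {
	Service            string
	Timestamp          int64 // Unix seconds, self-asserted by the signer
	BodyHash, PrevHash [32]byte
	Sig                []byte
}

func (r Receipt) signedBytes() []byte { // canonical encoding that gets signed
	var b bytes.Buffer
	binary.Write(&b, binary.BigEndian, uint64(len(r.Service))) // length prefix
	b.WriteString(r.Service)
	binary.Write(&b, binary.BigEndian, r.Timestamp)
	b.Write(r.BodyHash[:])
	b.Write(r.PrevHash[:])
	return b.Bytes()
}
func (r Receipt) hash() [32]byte { return sha256.Sum256(append(r.signedBytes(), r.Sig...)) }

// Append adds a receipt in which service signs the body it actually received.
func Append(trail []Receipt, service string, key ed25519.PrivateKey, ts int64, body []byte) []Receipt {
	r := Receipt{Service: service, Timestamp: ts, BodyHash: sha256.Sum256(body)}
	if n := len(trail); n > 0 {
		r.PrevHash = trail[n-1].hash() // link to everything recorded so far
	}
	r.Sig = ed25519.Sign(key, r.signedBytes())
	return append(trail, r)
}

// Verify checks each signature, each hash link and that time never runs backwards.
func Verify(trail []Receipt, keys map[string]ed25519.PublicKey) error {
	var prev [32]byte
	var last int64
	for i, r := range trail {
		pub, ok := keys[r.Service]
		if !ok || !ed25519.Verify(pub, r.signedBytes(), r.Sig) {
			return fmt.Errorf("hop %d (%s): unknown signer or bad signature", i, r.Service)
		}
		if r.PrevHash != prev || r.Timestamp < last {
			return fmt.Errorf("hop %d (%s): broken chain or timestamp order", i, r.Service)
		}
		prev, last = r.hash(), r.Timestamp
	}
	return nil
}

// Acknowledged reports whether a valid trail carries service's signature over
// exactly this body: the evidence when it denies the call or disputes the input.
func Acknowledged(trail []Receipt, keys map[string]ed25519.PublicKey, service string, body []byte) bool {
	want := sha256.Sum256(body)
	for _, r := range trail {
		if r.Service == service && r.BodyHash == want {
			return Verify(trail, keys) == nil
		}
	}
	return false
}

// demoTrail: consumer -> broker -> provider. Fixed demo seeds; real keys are random.
func demoTrail(body []byte) ([]Receipt, map[string]ed25519.PublicKey) {
	keys, trail := map[string]ed25519.PublicKey{}, []Receipt(nil)
	for i, name := range []string{"consumer", "broker", "provider"} {
		priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{byte(i + 1)}, ed25519.SeedSize))
		keys[name] = priv.Public().(ed25519.PublicKey)
		trail = Append(trail, name, priv, 1700000000+int64(i), body) // constructed times
	}
	return trail, keys
}

func main() {
	trail, keys := demoTrail([]byte(`<order id="42" qty="3"/>`)) // constructed message
	fmt.Println("trail valid:", Verify(trail, keys) == nil)
}
```

Because every receipt covers the hash of the one before it, removing or editing a hop after the fact invalidates the trail from that point on.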

Societal and Ethical Issues

There are some genuine concerns that with this massive and seamless integration of businesses, most of the work force would be rendered redundant. This will cause large-scale retrenchment of people. What are the ethical implications of employing "faceless" entities and retrenching real people? It can be argued that employees are the real assets of any company and nothing better can be gained by losing them. Though on the face of it this looks like an emotional argument, it is a very sound one when we realize that ultimately people power the internet (borrowing Peoplesoft's slogan). When considered from a Utilitarian principle, the most important duty of a business is to raise its worth to the community. If significant savings and profits could result from employing web services rather than employing people to do the same job, the business entity has an inherent responsibility to consider it in its moral calculus. However, these arguments are a rehash of what we heard when computers started to pervade the entire spectrum of businesses. We were told that millions of people would be rendered jobless and the economy might collapse as a result of it. But computers in the last 2 decades have created more jobs, created more revenue-earning jobs, and lifted businesses to heady profits (and pits of downfalls as well!). The largest economic expansion of the United States took place in the technology revolution era. It is to be expected that we would hear these arguments, but this writer believes that just as it happened during the 90s, this new wave of web integration would only shift the jobs from one sector to the other. Moreover, the functional expertise behind the web services will have a significant personnel component, as best business practices are still to be coded as services. They will also require 'constant change', which is not possible without human effort.

Now let us turn our attention towards e-disputes spanning international borders. Which country's jurisdiction would apply for the settlement of disputes? (The disputes around Internet gambling in the United States offer some significant insights into plausible future problems.) What will be the consequences if the countries in question have adversarial relationships? A provider country could shut down critical applications or deny the use of services hosted from its territory to its adversary. In their famous essay "Law And Borders--The Rise of Law in Cyberspace", published in the Stanford Law Review, David R. Johnson and David G. Post write that

"Physical borders are not, of course, simply arbitrary creations. Although they may be based on historical accident, geographic borders for law make sense in the real world. Their relationship to the development and enforcement of legal rules is logically based on a number of related considerations"

They go on to define a "Cyberworld": cyberspace, like any other territory, is its own space and is defined by its own characteristics. Hence they argue that the laws that apply in that space would be unique to that space and supersede any other territorial law. Also, since any territorial law would be impotent because of sovereignty constraints, there should emerge a law that is unique to the "cyberworld" in the form of self-regulatory structures.

"Perhaps the most apt analogy to the rise of a separate law of Cyberspace is the origin of the Law Merchant--a distinct set of rules that developed with the new, rapid boundary-crossing trade of the Middle Ages. Merchants could not resolve their disputes by taking them to the local noble, whose established feudal law mainly concerned land claims. Nor could the local lord easily establish meaningful rules for a sphere of activity he barely understood, executed in locations beyond his control. The result of this jurisdictional confusion, arising from a then-novel form of boundary-crossing communications, was the development of a new legal system--Lex Mercatoria. The people who cared most about and best understood their new creation formed and championed this new law, which did not destroy or replace existing law regarding more territorially-based transactions (e.g. transferring land ownership). Arguably, exactly the same type of phenomenon is developing in Cyberspace right now"

As long as the parties both willingly profess the 'netizenship' of the business domain and agree to respect the contract and its terms in the cyberdomain, there are sufficient grounds for resolving the disputes without taking recourse to the territorial law or law of comity.

References

Hume, David. "A Treatise of Human Nature." Edited by L. A. Selby-Bigge and P. H. Nidditch. Oxford: Clarendon Press, 1975 [1737].

"The philosophy of trust." <http://www.open2.net/trust/downloads/docs/humeontrust.pdf>

"How can we build Trust between a Consumer of a Web Service and Developer?" <http://www.vawss.org/ca/v001.aspx>

Johnson, David R., and David G. Post. "Law And Borders--The Rise of Law in Cyberspace." 48 Stanford Law Review 1367 (1996). <http://www.cli.org/X0025_LBFIN.html>