@techreport{bhargavan2004secure,
author = {Bhargavan, Karthik and Corin, Ricardo and Fournet, Cédric and Gordon, Andy},
title = {Secure Sessions for Web Services},
year = {2004},
month = {October},
abstract = {WS-Security provides basic means to secure SOAP traffic, one envelope at a time. For typical web services, however, using WS-Security independently for each message is rather inefficient; besides, it is often important to secure the integrity of a whole session, as well as each message. To these ends, recent specifications provide further SOAP-level mechanisms. WS-SecureConversation introduces security contexts, which can be used to secure sessions between two parties. WS-Trust specifies how security contexts are issued and obtained. We develop a semantics for the main mechanisms of WS-Trust and WS-SecureConversation, expressed as a library for TulaFale, a formal scripting language for security protocols. We model typical protocols relying on these mechanisms, and automatically prove their main security properties. We also informally discuss some limitations of these specifications.},
publisher = {ACM Press},
url = {http://approjects.co.za/?big=en-us/research/publication/secure-sessions-for-web-services/},
pages = {56-66},
isbn = {1-58113-973-X},
edition = {2004 ACM Workshop on Secure Web Services (SWS 2004)},
number = {MSR-TR-2004-114},
note = {2004 ACM Workshop on Secure Web Services (SWS 2004)},
}