Verifying a Secure Session Protocol for Web Services

The security of protocols for Web Services needs to be verified for variety and internal semi-structure of XML messages and composition of standard Web services specifications. Relying on the specifications of WS-Trust and WS-Secure Conversation, a secure session protocol based on trust brokering model has been presented, which protects a SOAP message as well as protects a session between Web services by the derivation of keys. Furthermore, the security of the protocol is verified by using a security analysis tool, AVISPA, which compares with another tool.