Limitations of Web Service Security on SOAP Messages in a Document Production Workflow Environment

Web service security is one of the important areas of research both in industry as well as in academia. SOAP messages with XML signatures under Web service security specification provide secure message exchange solutions in SOA based applications. Recent researches established that the solutions based on the specification have several limitations. XML rewriting attacks on SOAP messages exposed the vulnerability of SOAP messages and different solutions are proposed to counter the attacks. In the present paper we expose few other limitations of Web service security in providing end-to-end integrity, specially part integrity and reuse issues, of multiple signed messages in a SOAP message in a document production workflow environment. The present paper also discusses the consequences of the limitation and establishes that it is not possible to address these issues at message level. It also proposes a solution in BPEL process level using a special protocol.