Thursday, January 15, 2009

WS-Security Processing Models

Isuru has written an article on "WS-Security Processing Models". He started the article by introducing different attacks on Web services. Then he has explained the importance of rejecting invalid messages as early as possible. This helps to reduce damage that can be done by DOS attacks. Here invalid message refers to message which does not conform to the WS-SecurityPolicy.

This article is published on the Oxygen Tank Library. Here is the link to this article.

http://wso2.org/library/articles/ws-security-processing-models-along-ws-securitypolicy-1

Thursday, October 16, 2008

Axis2 Performance with WS Security

Apache Axis2 provides Web services security through its module, Rampart. The performance of Axis2 when Rampart is engaged has become an issue due to the dependency over WSS4J and XMLSecurity. Moreover, the message processing of Rampart has performance issues when it comes to policy validations. To overcome many of the performance issues associated with Rampart, we developed a new implementation purely based on Apache Axiom. There are new improvements which will follow in future posts, but for the moment we decided to put on the performance comparisons we did on our model and Rampart. Please note that for the moment we have used the word "Rampart2" to identify our solution.

Testing Framework

The framework used for testing performance w.r.t. time is depicted in the following diagram.


Messages with payload sizes 1KB, 50KB, and 100KB were tested for each scenario. The scenarios and the results are given below.

Scenario 1:







Scenario 2:







Scenario 3:







Scenario 4: