Date of Publication :24th January 2017
Abstract: In recent years, in the context of securing of web application layer from attacks by unauthorized users, web security has been viewed. Security of Web services has shown a significant gesture as several specifications have been developed and implemented to meet web services' security challenges. However, the performance of security mechanisms is full of concerns due to additional security content in SOAP messages, the higher number of trust-building message exchanges, as well as additional CPU time to process these additions, we consider and compare the performance of various security measures applied to a simple web service evaluated with different initial message sizes in this paper. The test results shows that security mechanisms for transport layers are considerably faster than security mechanisms for message level. In addition, the effect of adding SAML-tokens is negligible and the performance of SAML-based web services is largely dependent on the underlying security mechanisms. Eventually, compared to Non-STS Mechanisms, the performance penalty for implementing STS security mechanisms is significantly high.
Reference :