An inline approach for secure SOAP requests and early validation

Rahaman, Mohammad Ashiqur; Marten, Rits; Schaad, Andreas
OWASP 2006, European Conference on Open Web Application Security Project, May 30-31, 2006, Leuven, Belgium

 

 

 

Regarding the current status of message-level security in Web Services, various standards like WS-Security along with WS-Policy play a central role. Although such standards are suitable for ensuring end-to-end message-level security as opposed to point-to-point security, certain attacks such as XML rewriting may still occur. In addition, the generation and validation of the key security mechanisms (e.g. signature) are always processor-intensive tasks. Based on some real-world scenarios, we propose a scheme to include SOAP Structure information in outgoing SOAP messages and validate this information before policy-driven validation at the receiving end. This allows us to detect some XML rewriting attacks early in the validation process, with improved performance. We report on this efficient technique and provide a performance evaluation. We also provide insights into the features and weaknesses of WS-Security, WS-Policy and related standards.


Type: Conference
City: Leuven
Date: 2006-05-30
Department: Digital Security
Eurecom Ref: 2693
Copyright: Creative Commons
PERMALINK : https://www.eurecom.fr/publication/2693