This web site is no longer maintained and the content may be outdated.
Please visit for up-to-date information.
No upcoming events...

Home / Graduate / M.S. Theses Completed
  Hasan Doğu, 2005    

Thesis Title

An extension to OASIS usernametoken for simplifying username password authentication


Web services are viewed as the current communication technology between applications and even enterprises. Web service messaging is performed through Simple Object Access Protocol(SOAP). SOAP has been designed to be simple and extensible. But for being simple and extensible, security issue has been omitted in SOAP. For adding security mechanisms to SOAP, some SOAP extensions have been published by Organization for Advancement of Structured Information Standards(OASIS). SOAP security extension for username-password authentication is OASIS UsernameToken. OASIS UsernameToken carries basic username password information. This basic information works fine when the known username - password pairs of a system are stored in a single location. But when the known username - password pairs are stored in multiple locations, each location must be searched to find a matching pair. Searching through each possible location increases response times of web services.In this research, we propose an extension to OASIS UsernameToken which contains additional information other than the basic username and password pair. This additional information can be used by authentication components of web services to make decisions and search for the received credentials at their exact place.
Boğaziçi University Department of Computer Engineering
Address: 34342 Bebek, Istanbul, TURKEY
Phone: +90 212 359 4523-24 Fax: +90 212 287 2461
general information:   webmaster: