XML Signatures in an Enterprise Service Bus Environment

The goal of service oriented architectures (SOA) is to allow a message based and loosely coupled interaction between different web services. This approach allows the orchestration of web services in distributed, heterogeneous applications where the different services can be implemented in different programming languages, run on different machines and be based on different protocols. The adoption of web services to integrate systems within an organization and with partners is strongly dependent on the security standards that accompany service oriented architectures (SOA). The XML (Extensible Markup Language) Signature standard plays a key role here. For protecting such a distributed application, XML Signatures are used on several levels and for different challenges, for example to guarantee the integrity and authenticity of the exchanged messages and their authentication information, as well as the audit trails and to provide non-repudiation. The paper describes the role of XML Signatures for protecting Enterprise Service Bus (ESB) based SOA applications.