Adding security to existing unsecured web services

Vasile F. Păiş and V. Stăncălie, National Institute for Laser, Plasma and Radiation Physics, Romania

Web services provide a way for applications to exchange data without human intervention. Deployed inside a trusted environment, a service can be accessed directly, without any authentication. However, when exposed over the Internet, the previously unsecured services must become secured.

This poster presents a software application that was developed for the national research project “Research on laser-atoms, laser-plasma interactions, towards inertial confinement fusion” (TICF) [1], in order to allow secure access to existing, unsecured, web services. It implements mechanisms for user authentication and authorisation,
providing access to available web service methods, based on the user’s rights. In addition, it can maintain logs for each request, thus allowing for monitoring the users activity.