Ensuring secure and robust web service interactions

Abstract

Web services are a programmable way to access the web. Unlike websites, web services do not return human-friendly content such as HTML, CSS, or JavaScript in response to a request. Web services mostly support the transfer of data in XML or JSON formats. Owing to this, the efficacy and security of XML and JSON documents is important. XML and JSON documents are intended for consumption by computer application and not humans. The main issue with XML and JSON documents is that they are verbose. They are both structured documents, meaning that their content can be divided into structure and data parts. In XML, the tag-name and attribute-name constitute the structured parts of the document whereas values between the tags and values of attributes are the data parts. JSON documents comprise structure parts as names whereas values are data part. Compressing these documents increases the communication efficiency between web services. We review several prominent techniques of XML and JSON compression. The idea behind XML and JSON compression techniques is to compress by appropriately harnessing their structured nature instead of just compressing them like normal text. Subsequently, we propose an XML and JSON compression technique that performs better than existing techniques in the terms of compression ratio, especially in the case of web services. The method of XML and JSON compression proposed is simple yet effective, especially on small documents that constitute the bulk of such communicated content on the Internet. In addition to efficacy in XML or JSON compression, we also need to ensure security of such documents. There exists a W3C recommendation for XML encryption. The W3C recommendation prescribes the use of conventional encryption algorithms to encrypt such content and present it using special XML elements. The idea is to encrypt the entire XML document or parts of it with existing encryption algorithms and represent the encrypted data under special XML tags. W3C’s recommendation on XML encryption has been perhaps the most prominent work in this direction until now. We propose a technique of XML and JSON encryption wherein we extend existing techniques of XML compression and employ the same for security.