الفهرس 
CHAPTER ONE: INTRODUCTIONOnly 14 pages are availabe for public view
 |  | from | 107 |  |  |
| | | from | 107 | | |
Abstract
Nowadays, Web services are the leading and powerful solution for solving the problem of information systems’ integration. Web services are based on the service oriented architecture (SOA). Web services security is an important issue especially web services use a specific type of messaging protocols. Web services use SOAP that is a message format that enables method calls to be sent in an XML format from one computer to another. This kind of message needs specific techinques to secure and the researches study how to secure the SOAP messages untill now. Because of the spread of web services such as online shopping services, e-commerce and business agile etc., this thesis has motivated to study how to preserve the privacy during the web services interactions.
Privacy is a big obstacle when using web services and preserving privacy of web services is one of the main challenges during their interaction. Therefore, minimizing the number of the disclosed credentials that are required for accessing the web services resources during the interaction is a desirable behavior. The credentials’ encryption are used to preserve the privacy using certificate authority as a third party. According to our knowledge, there is no technique that uses the credentials encryption using certificate authority as a third party. Moreover, the idea is developed and enhanced by including the negotiation technique. The negotioation technique is based on the credentials generalization and substitution. To the best of my knowledge, in the current privacy preserving approaches for web services, there is no technique that uses the negotiation for credential generalization and substitution between the consumer and the provider in
conjunction with the credentials encryption using certificate authority as a third party. Using the substitution or generalization can convert the sensitive credentials to others non-sensitive.
In this thesis, an approach for web services privacy preserving is proposed. This approach is based on the negotiation using its techniques: substitution and generalization, encryption, and certificate authorities as third parties. The proposed approach is implemented and tested. The results show that the number of disclosed sensitive credential is the minimum number of credentials that can be disclosed to guarantee the accessing of the service. The online shopping scenario is used as a case study to illustrate the model.