Merkle Tree Authentication in UDDI Registries
Author
E. Bertino, B.Carminati, E.Ferrari
Tech report number
CERIAS TR 2004-67
Abstract
UDDI registries are today the standard way of publishing information on web services. They can be
thought of as a structured repository of information that can be queried by clients to find the web
services that better fit they needs. Even if, at the beginning, UDDI has been mainly conceived as a
public registry without specific facilities for security, today security issues are becoming more and
more crucial, due to the fact that data published in UDDI registries may be highly strategic and
sensitive. In this paper, we focus on authenticity issues, by proposing a method, based on Merkle
Hash Trees, which does not require the party managing the UDDI to be trusted wrt authenticity. In
the paper, besides giving all the details of the proposed solution, we show its benefit wrt standard
digital signature techniques.
Key alpha
UDDI authenticity, digital signature, XML, Merkle hash tree
Publication Date
2004-01-01
Contents
1. INTRODUCTION
2. UDDI REGISTRIES
3. XML MERKLE TREE AUTHENTICATION
4. APPLYING THE MERKLE SIGNATURE TO UDDI REGISTRIES
5. MERKLE SIGNATURES VS. XML SIGNATURES IN UDDI
REGISTRIES
6. PROTOTYPE OF AN ENHANCED UDDI REGISTRY
7. CONCLUDING REMARKS
Location
A hard-copy of this is in the CERIAS Library