@inproceedings{H{\"o}llerKrumeichLo Iacono2021,
  author    = {H{\"o}ller, Paul and Krumeich, Alexander and Lo Iacono, Luigi},
  title     = {XML Signature Wrapping Still Considered Harmful: A Case Study on the Personal Health Record in Germany},
  booktitle = {J{\o}sang, Futcher et al. (Eds.): ICT Systems Security and Privacy Protection. SEC 2021. IFIP Advances in Information and Communication Technology, Vol 625},
  isbn      = {978-3-030-78119-4},
  doi       = {10.1007/978-3-030-78120-0_1},
  institution = {Fachbereich Informatik},
  pages     = {3 -- 18},
  year      = {2021},
  abstract  = {XML Signature Wrapping (XSW) has been a relevant threat to web services for 15 years until today. Using the Personal Health Record (PHR), which is currently under development in Germany, we investigate a current SOAP-based web services system as a case study. In doing so, we highlight several deficiencies in defending against XSW. Using this real-world contemporary example as motivation, we introduce a guideline for more secure XML signature processing that provides practitioners with easier access to the effective countermeasures identified in the current state of research.},
  language  = {en}
}