TY - CPAPER U1 - Konferenzveröffentlichung A1 - Höller, Paul A1 - Krumeich, Alexander A1 - Lo Iacono, Luigi T1 - XML Signature Wrapping Still Considered Harmful: A Case Study on the Personal Health Record in Germany T2 - Jøsang, Futcher et al. (Eds.): ICT Systems Security and Privacy Protection. SEC 2021. IFIP Advances in Information and Communication Technology, Vol 625 N2 - XML Signature Wrapping (XSW) has been a relevant threat to web services for 15 years until today. Using the Personal Health Record (PHR), which is currently under development in Germany, we investigate a current SOAP-based web services system as a case study. In doing so, we highlight several deficiencies in defending against XSW. Using this real-world contemporary example as motivation, we introduce a guideline for more secure XML signature processing that provides practitioners with easier access to the effective countermeasures identified in the current state of research. KW - XML Signature KW - XML Signature Wrapping KW - SOAP KW - SAML KW - E-Health KW - Personal Health Record KW - PHR Y1 - 2021 UN - https://nbn-resolving.org/urn:nbn:de:hbz:1044-opus-55487 SN - 978-3-030-78119-4 SB - 978-3-030-78119-4 U6 - https://doi.org/10.1007/978-3-030-78120-0_1 DO - https://doi.org/10.1007/978-3-030-78120-0_1 AX - 2106.10460 SP - 3 EP - 18 S1 - 16 PB - Springer CY - Cham ER -