TY  - CONF
A1  - Höller, Paul
A1  - Krumeich, Alexander
A1  - Lo Iacono, Luigi
T1  - XML Signature Wrapping Still Considered Harmful: A Case Study on the Personal Health Record in Germany
T2  - Jøsang, Futcher et al. (Eds.): ICT Systems Security and Privacy Protection. SEC 2021. IFIP Advances in Information and Communication Technology, Vol 625
N2  - XML Signature Wrapping (XSW) has been a relevant threat to web services for 15 years until today. Using the Personal Health Record (PHR), which is currently under development in Germany, we investigate a current SOAP-based web services system as a case study. In doing so, we highlight several deficiencies in defending against XSW. Using this real-world contemporary example as motivation, we introduce a guideline for more secure XML signature processing that provides practitioners with easier access to the effective countermeasures identified in the current state of research.
KW  - XML Signature
KW  - XML Signature Wrapping
KW  - SOAP
KW  - SAML
KW  - E-Health
KW  - Personal Health Record
KW  - PHR
Y1  - 2021
UR  - https://pub.h-brs.de/frontdoor/index/index/docId/5548
UR  - https://nbn-resolving.org/urn:nbn:de:hbz:1044-opus-55487
SN  - 978-3-030-78119-4
N1  - © IFIP International Federation for Information Processing 2021
SP  - 3
EP  - 18
PB  - Springer
CY  - Cham
ER  -