Volltext-Downloads (blau) und Frontdoor-Views (grau)

XML Signature Wrapping Still Considered Harmful: A Case Study on the Personal Health Record in Germany

  • XML Signature Wrapping (XSW) has been a relevant threat to web services for 15 years until today. Using the Personal Health Record (PHR), which is currently under development in Germany, we investigate a current SOAP-based web services system as a case study. In doing so, we highlight several deficiencies in defending against XSW. Using this real-world contemporary example as motivation, we introduce a guideline for more secure XML signature processing that provides practitioners with easier access to the effective countermeasures identified in the current state of research.

Download full text files

Export metadata

Additional Services

Search Google Scholar Check availability


Show usage statistics
Document Type:Conference Object
Author:Paul HöllerORCiD, Alexander KrumeichORCiD, Luigi Lo IaconoORCiD
Parent Title (English):Jøsang, Futcher et al. (Eds.): ICT Systems Security and Privacy Protection. SEC 2021. IFIP Advances in Information and Communication Technology, Vol 625
Number of pages:16
First Page:3
Last Page:18
ArXiv Id:http://arxiv.org/abs/2106.10460
Place of publication:Cham
Publishing Institution:Hochschule Bonn-Rhein-Sieg
Date of first publication:2021/06/18
Copyright:© IFIP International Federation for Information Processing 2021
Keyword:E-Health; PHR; Personal Health Record; SAML; SOAP; XML Signature; XML Signature Wrapping
Departments, institutes and facilities:Fachbereich Informatik
Institut für Cyber Security & Privacy (ICSP)
Dewey Decimal Classification (DDC):0 Informatik, Informationswissenschaft, allgemeine Werke / 00 Informatik, Wissen, Systeme / 005 Computerprogrammierung, Programme, Daten
Entry in this database:2021/06/18
Licence (Multiple languages):License LogoIn Copyright (Urheberrechtsschutz)