WSEmail: A Retrospective on a System for Secure Internet Messaging Based on Web Services
share
Web services offer an opportunity to redesign a variety of older systems to exploit the advantages of a flexible, extensible, secure set of standards. In this work we revisit WSEmail, a system proposed over ten years ago to improve email by redesigning it as a family of web services. WSEmail offers an alternative vision of how IM and email services could have evolved, offering security, extensibility, and openness in a distributed environment instead of the hardened walled gardens that today's rich messaging systems have become. We demonstrate the flexibility of WSEmail using three business use cases: secure channel IM, business workflows with routed forms, and on-demand attachments. Since increased flexibility often mitigates against security and performance, we designed WSEmail with security in mind and formally proved the security of one of its core protocols (on-demand attachments) using the TulaFale and ProVerif automated proof tools. We also provide performance measures for the basic WSEmail functions in a prototype we implemented using .NET. Our experiments show a latency of about a quarter of a second per transaction under load.
READ FULL TEXT