We consider the problem of specifying and verifying cryptographic
security protocols for XML web services.
The security specification WS-Security describes a range of XML security tokens, such as username tokens, public-key certificates, and digital signature blocks, amounting to a flexible vocabulary for expressing protocols.
To describe the syntax of these tokens, we extend the usual XML
data model with symbolic representations of cryptographic values.
We use predicates on this data model to describe the
semantics of security tokens and of sample protocols distributed
with the WSE implementation of WS-Security.
By embedding our data model within Abadi and Fournet's applied pi
calculus, we formulate and prove security properties with respect to
the standard Dolev-Yao threat model.
Moreover, we informally discuss issues not addressed by the formal
To the best of our knowledge, this is the first approach to the
specification and verification of security protocols based on a
faithful account of the XML wire format.