Diploma Thesis 2003 (DA03): Thesis Archive
 
DA Rea 03/4 - Application Level WebService Firewall
Students: Tobias Auinger, auingtob
  Tarik Sassi, sassitar

Supervisors: Karl Rege, rege
  Andreas Steffen, sna

Webservices based on the Simple Object Access Protocol (SOAP) have gained in popularity during the last four years. SOAP is expected to become the first choice among inter-application communication protocols in the near future.

As the SOAP specification does not address security issues, Webservices security has been implemented using transport layer mechanisms. However, implementing Webservices security with transport channel security mechanisms implies some limitations and contradicts the transport protocol neutrality of SOAP.

Security is addressed in an extension to SOAP called WS-Security. WS-Security provides the mechanisms needed to implement message-oriented security with SOAP on the application layer of the OSI stack. WS-Security does not cover every security aspect. The aspects it leaves open are to be addressed in emerging extension protocols for WS-Security.

This document starts with a description of security requirements for Webservices. In the following section, specifications offering the functionality needed to implement message-oriented security with SOAP are described. An overview of XML security appliances is provided as well. The security model for Webservices as specified under the leadership of Microsoft and IBM is examined in depth.

In a further section, the problem space of Webservices Firewalls is analysed and requirements for such a system are described.

Research on available Java implementations of security specifications is conducted. These implementations are examined with regard to features and license models.

In the following section, an architecture and a design for a Webservices Firewall are developed and then implemented in Java. The implemented system is a proof of concept that can be used to further examine the topic.

The thesis closes with information on project management and an activity log of the individual candidates.
