A Framework for Web Services Security Policy Negotiation
نویسندگان
چکیده
In today’s business environment, the use of web services technology is becoming more popular. This growth has been met with an increase of security related attacks, which has caused web services providers to adopt stricter security policies. As not all web service consumers can implement the security requirements of web services providers, they may turn to use the services of other providers. In order to address this problem, this paper introduces a framework for a web services security policy negotiation system that web services consumers and providers can use to negotiate a customised security contract. The framework is defined over current web services technology, to be used by business-to-business (B2B) web services collaborations. The inflexibility of current security policy specification languages for negotiation is overcome, by incorporating human intuitiveness supported by an intelligent negotiation support system.
منابع مشابه
Model-Driven Trust Negotiation for Web Services
The Trust-Serv trust negotiation framework supports policy lifecycle management for Web services. T rust negotiation is an approach to access control whereby access is granted based on trust established in a negotiation between the service requester and the service provider. 1 In this negotiation, credentials — signed assertions that describe the owner's attributes — are exchanged iteratively t...
متن کاملSecurity-by-Contract for Web Services or How to Trade Credentials for Services∗
The classical approach to access control of Web Services is to present a number of credentials for the access to a service and possibly negotiate their disclosure using a suitable negotiation protocol and a policy to protect them. In practice a “Web Service” is not really a single service but rather a set of services that can be accessed only through a suitable conversation. Further, in real-li...
متن کاملA model for specification, composition and verification of access control policies and its application to web services
Despite significant advances in the access control domain, requirements of new computational environments like web services still raise new challenges. Lack of appropriate method for specification of access control policies (ACPs), composition, verification and analysis of them have all made the access control in the composition of web services a complicated problem. In this paper, a new indepe...
متن کاملA Policy-based Adaptive Web Services Security Framework
Web services security has become a hot topic in the research of service oriented computing. This paper aims to study many pivotal technologies in the web services security. Firstly, a policy-based framework for adaptive web services security is proposed, with the policy concept, management mechanism and execution mechanism can be separated effectively, moreover, by management of user context an...
متن کاملContext-Driven Policy Enforcement and Reconciliation for Web Services
Security of Web services is a major factor to their successful integration into critical IT applications. An extensive research in this direction concentrates on low level aspects of security such as message secrecy, data integrity, and authentication. Thus, proposed solutions are mainly built upon the assumption that security mechanisms are static and predefined. However, the dynamic nature of...
متن کامل