Quality of Security Service for Web Services within SOA

Service-Oriented Architecture (SOA) is a paradigm for creating and encapsulating business processes in the form of loosely coupled, autonomous and abstracted services. Managing the non-functional requirements of SOA, such as security, is an overarching problem due to the wide variety of ways the service consumer can access the services offered by the service provider and the equally varied restrictions the service provider can set on the service consumer's access. In this work, we propose metadata for quality of security service for SOA. The proposed metadata provides different levels to describe the available variations of the authentication, authorization and privacy features that are related to SOA security. A Web Service for Quality of Security Service (QoSS) is then constructed to encapsulate the suggested metadata in order to assist the service consumer and provider in reaching a QoSS agreement that meets both of their requirements. The QoSS agreement will act as an enforced policy for managing the interactions between the service provider and consumer. The QoSS service is located inside a complete framework for securing SOA.
