Proceedings of the 2004 workshop on Secure web service

The idea of proposing a Secure Web Service Workshop (SWS) in the framework of the ACM Conference on Computer and Communications Security (CCS) came from the observation that web service security research is approaching a turning point. In the past few years, several building blocks enabling Web Services and the nodes of GRID architectures to interoperate securely have been designed, developed and deployed. Standardization activity has also been intense, producing a set of basic access control and security protocols for Web Services, such as XML Security, the WS-* series of proposals, SAML, and XACML. While these building blocks are now firmly in place, a number of new and perhaps harder challenges are to be met for Web services and GRID nodes to be fully secured and trusted, providing the kind of secure communication between cross-platform and cross-language Web services that is needed to support complex, inter-organization business processes. Indeed, the current trend toward representing Web services orchestration and choreography via advanced business process metadata is fostering a further evolution of current security models and languages, whose key issues include setting and managing security policies, inter-organizational (trusted partner) security issues and the implementation of high level business policies in a Web services environment. The SWS 2004 workshop explored these challenges, adopting a rigorous refereeing process (acceptance rate was around 38%) but giving also the opportunity of presenting and discussing very recent work and unconventional research ideas. Authors were given the opportunity to prepare a final version of their work after the workshop; while this inevitably caused some delay, it gave them the opportunity of taking into account the lively discussions we had at SWS 2004. The final program includes papers that range from the advancement and best practices of basic technologies such as XML and Web services security protocols to higher level issues such as advanced metadata, general security policies, trust establishment, risk management, and service assurance. Also, SWS tried to collect the heritage of the XML Security Workshop started by our colleague and friend Michiharu Kudo, including some contributions on how security models for semi-structured information are evolving.