论文信息 - Using Patterns to Understand and Compare Web Services Security Products and Standards

Using Patterns to Understand and Compare Web Services Security Products and Standards

Web services are becoming an important way for enterprises to interoperate. Many security standards have been developed for web services, but they are still vulnerable to a variety of attacks; lack of security is one of the main reasons given by people who are reluctant to use web services even knowing of their advantages. A problem with web services security standards is that several organizations are involved in developing them and as a result there are many, and they may overlap. We are developing a catalog of architectural security patterns for web services corresponding to security standards and mechanisms. In this paper we explore another aspect: how to compare standards using patterns. By expressing standards as patterns, we can compare them and understand them better. For example, we can discover potentially overlapping and inconsistent aspects between them.

Eduardo B. Fernández | Nelly A. Delessy | E. Fernández | N. Delessy

[1] Mike P. Papazoglou,et al. Service oriented computing : Introduction , 2003 .

[2] Michiaki Tatsubori,et al. Best-practice patterns and tool support for configuring secure Web services messaging , 2004, Proceedings. IEEE International Conference on Web Services, 2004..

[3] Winfried Lamersdorf,et al. Flexible coordination of service interaction patterns , 2004, ICSOC '04.

[4] Mike P. Papazoglou,et al. Introduction: Service-oriented computing , 2003, CACM.

[5] Eduardo B. Fernández,et al. A Pattern System for Access Control , 2004, DBSec.

[6] Eduardo B. Fernandez,et al. A pattern language for security models , 2001 .

[7] Eduardo B. Fernández,et al. A Methodology for Secure Software Design , 2004, Software Engineering Research and Practice.

[8] B. Cheng,et al. Security Patterns , 2003 .

[9] Ralph Johnson,et al. design patterns elements of reusable object oriented software , 2019 .

[10] Quan Z. Sheng,et al. Overview of some patterns for architecting and managing composite web services , 2002, SECO.

[11] Marco Aiello,et al. Proceedings of the Advanced International Conference on Telecommunications and International Conference on Internet and Web Applications and Services (AICT/ICIW 2006) , 2006 .