Context-Driven Policy Enforcement and Reconciliation for Web Services

The security of Web services is a major factor in their successful integration into critical IT applications. Extensive research in this direction concentrates on low-level aspects of security such as message secrecy, data integrity, and authentication. Thus, proposed solutions are mainly built upon the assumption that security mechanisms are static and predefined. However, the dynamic nature of the Internet and the continuously changing environments in which Web services operate require innovative and adaptive security solutions. This paper presents our solution for securing Web services based on adaptive policies, where adaptability is achieved using the contextual information of the Web services. The proposed solution includes a negotiation and reconciliation protocol for security policies.
