Security personalization for internet and web services

International Journal of Web Services Research

Volumn 5, Issue 1, 2008, Pages 1-23

  Yee, George O M ^a   Korba, Larry ^a  

^a NATIONAL RESEARCH COUNCIL CANADA   (Canada)

Author keywords

Internet services; Negotiation; Personalization; Security; Security policy; Web services

Indexed keywords

INTERNET SERVICE PROVIDERS; SALES; SECURITY SYSTEMS; WEB CRAWLER; WEBSITES;

INTERNET SERVICES; NEGOTIATION; PERSONALIZATIONS; SECURITY; SECURITY POLICY;

WEB SERVICES;

EID: 55949112462     PISSN: 15457362     EISSN: 15465004     Source Type: Journal    
DOI: 10.4018/jwsr.2008010101     Document Type: Article

References (39)

1. Bajaj, S., Box, D., Chappell, D., Curbera, F., Daniels, G., Hallam-Baker, P. et al. (2006a). Web Services Policy Framework (WS-Policy). Version, 1.2, March. Retrieved March 28, 2006 from: http://download.boulder.ibm.com/ibmdl/pub/software/dw/specs/wspolfram/ ws-policy-2006-03-01.pdf
2. Bajaj, S., Box, D., Chappell, D., Curbera, F., Daniels, G., Hallam-Baker, P. et al. (2006b). Web Services Policy Attachment (WS-PolicyAttachment). Version, 1.2, March. Retrieved March 28, 2006 from: http://download.boulder.ibm.com/ibmdl/pub/software/dw/specs/ ws-polatt/ws-polat-2006-03-01.pdf
3. Barrere, F., Benzekri, A., Grasset, F., Laborde, R., & Nasser, B. (2003). Inter-Domains Policy Negotiation. In Proceedings of the 4th International Workshop on Policies for Distributed Systems and Networks (POLICY'03), (pp. 239-242), Lake Como, Italy.
4. Bertino, E., Castano, S., & Ferrari, E. (2001). On Specifying Security Policies for Web Documents with an XML-Based Language. In Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies, (pp. 57-65), Chantilly, Virginia.
5. Bertino, E., Ferrari, E., & Squicciarini, A. (2004). Trust negotiation: Concepts, systems, and languages. Computing in Science and Engineering, July/August, 27-34.
6. Bhargavan, K., Fournet, C., Gordon, A., & O'Shea, G. (2005). An Advisor for Web Services Security Policies. In Proceedings of the 2005 Workshop on Secure Web Services (SWS '05), (pp. 1-9), Fairfax, Virginia, USA.
7. Chou, W. (2002, July-August). Inside SSL: The secure sockets layer protocol. IT Pro, 47-52.
8. Della-Libera, G., Gudgin, M., Hallam-Baker, P., Hondo, M., Granqvist, H., Kaler, C. et al. (2005). Web Services Security Policy Language (WS-Security-Policy). Version 1.1, July. Retrieved July 28, 2006 from: ftp://www6.software.ibm.com/software/developer/library/ ws-secpol.pdf
9. Dinsmore, P., Balenson, D., Heyman, M., Kruus, P., Scace, C., & Sherman, A. (2000). Policy-Based Security Management for Large Dynamic Groups: An Overview of the DCCM Project. In Proceedings, DARPA Information Survivability Conference and Exposition (DISCEX'00), Vol. 1, (pp. 64-73). Hilton Head, South Carolina.
10. Duflos, S. (2002). An Architecture for Policy-Based Security Management for Distributed Multimedia Services. In Proceedings of the 10th ACM International Conference on Multimedia, (pp. 653-655), Juan-les-Pins, France.
11. Faheem, H. (2005). A Multiagent-Based Approach for Managing Security Policy. In Proceedings of the 2nd IFIP International Conference on Wireless and Optical Communications Networks (WOCN 2005), (pp. 351-356), Dubai, UAE.
12. Hale, J., Galiasso, P., Papa, M., & Shenoi, S. (1999). Security Policy Coordination for Heterogeneous Information Systems. In Proceedings of the 15th Annual Computer Security Applications Conference (ACSAC '99), (pp. 219-228), Scottsdale, Arizona.
13. Ho, S., & Kwok, S. (2003). The attraction of personalized service for users in mobile commerce: An empirical study. ACM SIGecom Exchanges, 3(4), 10-18,.
14. International Organization for Standardization. (n.d.). IS0 7498-2, Information Processing Systems - Open Systems Interconnection - Basic Reference Model - Part 2: Security Architecture. Retrieved Feb. 11, 2004 from http://www.iso.org/
15. ITU-T. (n.d.). Recommendation X.800, Security Architecture for OSI. Retrieved Feb. 11, 2004 from: http://www.itu.int/rec/ recommendation.asp?type=items&lang=e&parent=T-REC-X.800-199103-I
16. Joshi, J., Aref, W., Ghafoor, A., & Spafford, E. (2001). Security models for Web-based applications. Communications of the ACM, 44(2), 38-44.
17. Khurana, H., Gavrila1, S., Bobba, R., Koleva, R., Sonalker, A., Dinu, E., Gligor, V., & Baras, J. (2003). Integrated Security Services for Dynamic Coalitions. In Proceedings of the DARPA Information Survivability Conference and Exposition (DISCEX'03), Vol. 2, (pp. 38-40), Washington D.C..
18. Lee, A.J., Winslett, M., Basney, J., & Welch, V. (2006). Traust: A Trust Negotiation-Based Authorization Service for Open Systems. In Proceedings of the 11th ACM Symposium on Access Control Models and Technologies, (pp. 39-48), Lake Tahoe, California.
19. OASIS (2006). Web Services Security: SOAP Message Security 1.1 (WS-Security 2004). OASIS Standard Specification, February 1. Retrieved March 28, 2006 from http://www.oasis-open.org/committees/ download.php/16790/wss-v1.1-spec-os-SOAPMessageSecurity.pdf
20. O'Neill, M., Hallam-Baker, P., Cann, S.M., Sherma, M., Simon, E., Watters, P.A. & White, A. (2003). Web Services Security. McGraw-Hill/Osborne.
21. Park, J., & Chung, J. (2003). Design of SPS Model Using Mobile Agent System. In Proceedings of the IEEE 37th Annual 2003 International Carnahan Conference on Security Technology, (pp. 38-42), Taipei, Taiwan.
22. Rannenberg, K. (2001). Multilateral Security a Concept and Examples for Balanced Security. In Proceedings of the 2000 Workshop on New Security Paradigms, (pp. 151-162), Ballycotton, County Cork, Ireland.
23. Ryutov, T., Zhou, L., Neuman, C., Leithead, T., & Seamons, K.E. (2005). Adaptive Trust Negotiation and Access Control. In Proceedings of the 10 ACM Symposium on Access Control Models and Technologies, (pp. 139-146), Stockholm, Sweden.
24. Scott, D. & Sharp, R. (2003). Specifying and enforcing application-level Web security policies. IEEE Transactions on Knowledge and Data Engineering, 15(4), 771-783.
25. Tan, J.J., Poslad, S., & Xi, Y. (2004). Policy Driven Systems for Dynamic Security Reconfiguration. Proceedings of the 3rd International Joint Conference on Autonomous Agents and Multiagent Systems, Vol. 3, (pp. 1274-1275), New York, New York.
26. Telecom Italia Lab. (n.d.). JADE (Java Agent Development Framework). Retrieved Feb. 14, 2005 from http://jade.tilab.com/
27. Torrellas, G.A.S. & Vargas, L.A.V. (2003). Modelling a Flexible Network Security Systems Using Multi-Agents Systems: Security Assessment Considerations. In Proceedings of the 1st International Symposium on Information and Communication Technologies (ISICT 03), pp. 365-371, Dublin, Ireland.
28. Varadharajan, V. (1990). A Multilevel Security Policy Model for Networks. In Proceedings of the 9th Annual Joint Conference of the IEEE Computer and Communication Societies (INFOCOM 90), Vol. 2, (pp. 710-718), San Francisco, California.
29. Ventuneac, M., Coffey, T., & Salomie, I. (2003). A Policy-Based Security Framework for Web-Enabled Applications. In Proceedings 1st International Symposium on Information and Communication Technologies, (pp. 487-492), Dublin, Ireland.
30. Winsborough, W., & Li, N. (2004). Safety in Automated Trust Negotiation. In Proceedings, 2004 IEEE Symposium on Security and Privacy (S&P'04), (pp. 147-160), Oakland, California.
31. Winslett, M., Yu, T., Seamons, K., Hess, A., Jacobson, J., Jarvis, R. et al. (2002). Negotiating trust on the web. IEEE Internet Computing, November/December, 30-37,.
32. World Wide Web Consortium (W3C) (n.d.). Extensible Markup Language (XML). Retrieved March 18, 2006 at http://www.w3.org/XML/
33. Yang, Y., Fu, Z., & Wu, S. (2003). Bands: An Inter-Domain Internet Security Policy Management System for IPSEC/VPN. In Proceedings of the IFIP/IEEE 8th International Symposium on Integrated Network Management, (pp. 231-244), Colorado Springs, Colorado.
34. Yau, S., Yao, Y., Chen, Z., & Zhu, L. (2005). An Adaptable Security Framework for Service-based Systems. In Proceedings 10th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems (WORDS 2005), (pp. 28-35), Sedona, Arizona.
35. Yee, G., & Korba, L. (2003a). Bilateral E-services Negotiation Under Uncertainty. In Proceedings of the 2003 International Symposium on Applications and the Internet (SAINT2003), (pp. 352-355), Orlando, Florida.
36. Yee, G., & Korba, L. (2003b). The Negotiation of Privacy Policies in Distance Education. In Proceedings of the 14th IRMA International Conference, (pp. 702-705), Philadelphia, Pennsylvania.
37. Yee, G., & Korba, L. (2005a). Semi-automatic derivation and use of personal privacy policies in e-business. International Journal of E-Business Research, 1(1), 54-69.
38. Yee, G., & Korba, L. (2005b). Negotiated Security Policies for E-Services and Web Services. In Proceedings of the 2005 IEEE International Conference on Web Services (ICWS 2005), Vol. 2, (pp. 605-612), Orlando, Florida.
39. Yee, G., & Korba, L. (2005c). Context-Aware Security Policy Agent for Mobile Internet Services. In Proceedings of the 2005 IFIP International Conference on Intelligence in Communication Systems (INTELLCOMM 2005), (pp. 249-259), Montreal, Quebec, Canada.