Security policy composition for composite web services

IEEE Transactions on Services Computing

Volumn 4, Issue 4, 2011, Pages 314-327

  Satoh, Fumiko ^a   Tokuda, Takehiro ^b  

^a IBM RESEARCH TOKYO   (Japan)

^b TOKYO INSTITUTE OF TECHNOLOGY   (Japan)

Author keywords

Composite web services; quality of service

Indexed keywords

COMPOSITE PROCESS; COMPOSITE SERVICES; COMPOSITE WEB SERVICES; COMPOSITION MECHANISMS; COMPOSITION RULE; NON-FUNCTIONAL REQUIREMENTS; RECURSIVE STRUCTURE; SECURITY POLICY; SERVICE ORIENTED; TOPDOWN;

INFORMATION SERVICES; QUALITY OF SERVICE; SECURITY SYSTEMS; SERVICE ORIENTED ARCHITECTURE (SOA); STRUCTURE (COMPOSITION);

WEB SERVICES;

EID: 81455142679     PISSN: 19391374     EISSN: None     Source Type: Journal    
DOI: 10.1109/TSC.2010.40     Document Type: Article

References (21)

1. Web Services Business Process Execution Language Version 2.0, http://docs.oasis-open.org/wsbpel/2.0/OS/wsbpel-v2.0-OS. html, 2011.
2. C. Tziviskou and E.D. Nitto, "Logic-Based Management of Security in Web Services," Proc. IEEE Int'l Conf. Service Computing (SCC '07), pp. 228-235, 2007. (Pubitemid 47565600)
3. A.J. Lee, J.P. Boyer, L.E. Olson, and C.A. Gunter, "Defeasible Security Policy Composition for Web Services," Proc. Fourth ACM Workshop Formal Methods in Security (FMSE '06), pp. 45-54, 2006. (Pubitemid 47154950)
4. Web Services Interoperability Organization (WS-I), http://www.ws-i.org, 2011.
5. WS-I, Supply Chain Management, http://www.ws-i.org/deliverables, 2011.
6. Eclipse BPEL Project, http://www.eclipse.org/bpel, 2011.
7. WebSphere Integration Developer, http://www.ibm.com/software/integration/ wid, 2011.
8. Web Services Security: SOAP Message Security 1.1, http://www.oasis-open. org/committees/download.php/16790/wss-v1.1-spec-os-SOAPMessageSecurity.pdf, 2011.
9. WS-SecurityPolicy 1.2, http://www.oasis-open.org/committees/download.php/ 23821/ws-securitypolicy-1.2-spec-cs.pdf, 2011.
10. Web Services Policy 1.5-Attachment, http://www.w3.org/TR/2007/REC-ws- policy-attach-20070904, 2011.
11. K. Bhargavan, C. Fournet, and A.D. Gordon, "Verifying Policy-Based Security for Web Services," Proc. 11th ACM Conf. Computer and Comm. Security, pp. 268-277, 1992.
12. Y.H. Li, H. Paik, B. Benatallah, and S. Benbernou, "Formal Consistency Verification between BPEL Process and Privacy Policy," Proc. Int'l Conf. Privacy Security and Trust Conf.: Bridge the Gap between PST Technologies and Business Services (PST '06), 2006.
13. D.D. He and J. Yang, "Security Policy Specification and Integration in Business Collaboration," Proc. IEEE Int'l Conf. Service Computing (SCC '07), pp. 20-27. 2007. (Pubitemid 47565574)
14. M. Srivatsa, A. Iyengar, T. Mikalsen, I. Rouvellou, and J. Yin, "An Access Control System for Web Service Compositions," Proc. IEEE Int'l Conf. Web Services (ICWS '07), pp. 1-8, 2007.
15. A. Charfi and M. Mezini, "Using Aspects for Security Engineering of Web Service Compositions," Proc. IEEE Int'l Conf. Web Services (ICWS '05), pp. 59-66, 2005. (Pubitemid 44460193)
16. eXtensible Access Control Markup Language (XACML) Version 2.0, http://docs.oasis-open.org/xacml/2.0/access-control-xacml-2.0-core-spec-os.pdf, 2011.
17. F. Satoh and T. Tokuda, "Security Policy Composition for Composite Services," Proc. Int'l Conf. Web Eng., pp. 86-97, 2008.
18. C. Nentwich, W. Emmerich, A. Finkelstein, and E. Ellmer, "Flexible Consistency Checking," ACM Trans. Software Eng. and Methodology, vol. 12, no. 1, pp. 28-63, 2003.
19. H.J. Wang and M. Yuan, "Predicate Logic and Its Application in Workflow Security Policy Management," http://math.arizona. edu/~ksimic/ming.doc, 2005.
20. J.Y. Halpern and V. Weissman, "Using First-Order Logic to Reason about Policies," Proc. 16th IEEE Computer Security Foundations Workshop, pp. 187-201, 2003.
21. J. Glasgow, G. Macewen, and P. Panangaden, "A Logic for Reasoning about Security," ACM Trans. Computer Systems, vol. 10, no. 3, pp. 226-264, 1992.