Semantic Security Policy for Web Service

A primary problem for the security of web service is how to precisely express and match the security policy of each participant that may be in different security domain. Presently, most schemes use syntactic approaches, where pairs of policies are compared for structural and syntactic similarity to determine compatibility, which is prone to result in false negative because of lacking semantics. In this paper, we propose a novel approach to express and match the security policy of web service based on semantics. Through constructing a general security ontology, we present the definition method and matching algorithm of semantic security policy for web service. The use of semantic security policy enables richer representations of policy intent and allows matching of policies with compatible intent, but dissimilar syntax, which is not possible with syntactic approaches. The proposed security ontology is extensible and the semantic security policy is of strong inferability and adaptability, and these characteristics are extremely important to the heterogeneous and dynamic environment of web service.