Title :
Web Services Security Policy Assertion Trade-offs
Author :
Lavarack, Tristan ; Coetzee, Marijke
Author_Institution :
Acad. of Comput. Sci. & Software Eng., Univ. of Johannesburg, Gauteng, South Africa
Abstract :
Web services security requirements and capabilities are described in security policies. To enable the seamless interoperation between services, security policy intersection aims to provide a security policy that will satisfy both the service provider and consumer. Not only are there numerous problems with this approach, but it is also difficult for administrators to evaluate the resultant security level supported by such a policy. In contrast to this approach, security policy trade-off analysis can allow parties to make compromises to accommodate each other, while still achieving a satisfactory security level. This paper focuses on modeling the decisions and compromises to be made by web services providers or consumers to be able to interact with each other securely. The security policy support system built to model this problem employs domain vocabularies, fuzzy techniques and domain-specific preferences.
Keywords :
Web services; security of data; Web service providers; Web service security policy assertion trade-offs; Web service security requirement; domain-specific preferences; fuzzy technique; resultant security level; satisfactory security level; seamless interoperation; security policy intersection; security policy support system; security policy trade-off analysis; Algorithm design and analysis; Authentication; Encryption; Measurement; Vocabulary; Web services; FCM; Policy Compatibility; Policy Intersection; WS-Policy; WS-SecurityPolicy;
Conference_Title :
Availability, Reliability and Security (ARES), 2011 Sixth International Conference on
Conference_Location :
Vienna
Print_ISBN :
978-1-4577-0979-1
Electronic_ISBN :
978-0-7695-4485-4
DOI :
10.1109/ARES.2011.80