Title :
A Web Services security policy assistant
Author :
Lavarack, Tristan ; Coetzee, Marijke
Author_Institution :
Acad. for Inf. Technol., Univ. of Johannesburg, Johannesburg, South Africa
Abstract :
WS-Policy (Web Services Policy) and related security specifications provide a standard way to describe the security requirements and capabilities of both web services consumers and providers. The specification of the security requirements and capabilities of a service and its consumer in policy alternatives, and their combination to find the applicable policy is difficult. Currently, security policy compatibility is difficult to achieve as the algorithm only considers the syntactic evaluation of policy alternatives, leading to inconsistent policies that required further investigation. The evaluation of the security provided by a set of policy alternatives, the related effect that policy alternatives and environmental influences have on each other is not considered. This paper presents a design of an evaluation tool that can assist administrators to determine the level of security supported by a web services security policy. The design employs domain vocabularies, fuzzy techniques and domain-specific preferences.
Keywords :
Web services; security of data; Web services security policy assistant; domain vocabularies; domain-specific preferences; fuzzy techniques; policy alternatives; security evaluation; security requirements; security specifications; syntactic evaluation; Context; Fires; Organizations; Security;
Conference_Titel :
Internet Technology and Secured Transactions (ICITST), 2010 International Conference for
Conference_Location :
London
Print_ISBN :
978-1-4244-8862-9
Electronic_ISBN :
978-0-9564263-6-9
