• DocumentCode
    2290776
  • Title

    Security Policy Composition for Composite Services

  • Author

    Satoh, Fumiko ; Tokuda, Takehiro

  • Author_Institution
    IBM Tokyo Res. Lab., Yamato
  • fYear
    2008
  • fDate
    14-18 July 2008
  • Firstpage
    86
  • Lastpage
    97
  • Abstract
    An application based on Service-Oriented Architecture (SOA) consists of an assembly of external services, and the application is called a composite service. A composite service could be implemented by other composite services; hence the application could have a recursive structure, which is one of the features of an SOA application. Securing an SOA application is an important non-functional requirement. However, specifying a security policy of a composite service is not so easy because the policy should keep consistency with other policies of external services which are invoked in the process. We need a way to assure the consistency of policies, but a concrete way has not yet been developed to specify a consistent policy for a composite service. Therefore, this paper proposes a security policy composition mechanism from existing policies of external services. Our contribution is creating a security policy of a composite service automatically based on predicate logic, with support for two approaches of policy composition: bottom-up and top-down. Also, we focus on three kinds of security policies: a Data Protection Policy, an Access Control Policy, and a Composite Process Policy, and propose the policy composition rules for each policy. Our mechanism makes it possible to validate the consistency of policies by inference without increasing a developer's workload, even if a composite service has a recursive structure.
  • Keywords
    Web services; authorisation; software architecture; access control policy; composite process policy; composite services; data protection policy; predicate logic; security policy composition; service-oriented architecture; Access control; Application software; Assembly; Computer science; Computer security; Data security; Laboratories; Logic; Protection; Service oriented architecture;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Web Engineering, 2008. ICWE '08. Eighth International Conference on
  • Conference_Location
    Yorktown Heights, NJ
  • Print_ISBN
    978-0-7695-3261-5
  • Electronic_ISBN
    978-0-7695-3261-5
  • Type

    conf

  • DOI
    10.1109/ICWE.2008.23
  • Filename
    4577872