Ontology-Based Security Policies for Supporting the Management of Web Service Business Processes

Typically, in areas such as e-business and e-government, among others, Web services are used as basic components for building business processes. Participants in a business process may have different computational platforms that should interoperate in order to achieve the process goals. This interoperability is supported by the Web service technology. Thus, the importance of the technology is growing and its use in these areas demands security concern. However, the current approach for building processes from services, based on the Web Services Business Process Execution Language (WS-BPEL), does not consider security. This paper proposes an approach for building processes according to provider capabilities and consumer security requirements. These characteristics are expressed using Web Services Policy Framework (WS-Policy) policies and a Web Ontology Language (OWL) ontology. The main contribution of this paper is the use of semantics-enriched security policies for enriching Web service business processes.