Securing VO management

  • Authors:
  • Florian Kerschbaum;Rafael Deitos;Philip Robinson

  • Affiliations:
  • SAP Research, Karlsruhe, Germany;Automation and Systems Department, Federal University of Santa Catarina, Florianópolis, Brazil;SAP Research, Karlsruhe, Germany

  • Venue:
  • TrustBus'07 Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business
  • Year:
  • 2007

Quantified Score

Hi-index 0.00

Visualization

Abstract

In this paper we propose a security architecture and mechanism for Virtual Organizations (VO) for businesses. The VOs we consider are based on web service technology to address interoperability issues and cater for future business software, and are dynamic, i.e. their membership may change frequently throughout their lifetime. We improve over previous approaches in the following aspect: We have designed, implemented and evaluated a comprehensive security mechanism for our architecture that can protect both the web services in the VO and the VO management services. The security policies of VO management are enforced by inspecting the request for the encodings of parameters that are relevant to the policy decision. The basic idea may be applicable to other web service based software with data-dependent security policies, e.g. databases.