Trust-X: A Peer-to-Peer Framework for Trust Establishment
IEEE Transactions on Knowledge and Data Engineering
Trustworthy Web Services: Actions for Now
IT Professional
Attributed Based Access Control (ABAC) for Web Services
ICWS '05 Proceedings of the IEEE International Conference on Web Services
Trust Enhanced Security for Mobile Agents
CEC '05 Proceedings of the Seventh IEEE International Conference on E-Commerce Technology
Distributed Policy Specification and Enforcement in Service-Oriented Business Systems
ICEBE '05 Proceedings of the IEEE International Conference on e-Business Engineering
A Framework for Enhancing Web Services Security
COMPSAC '07 Proceedings of the 31st Annual International Computer Software and Applications Conference - Volume 01
Web Services Composition with Incomplete QoS Information
CITWORKSHOPS '08 Proceedings of the 2008 IEEE 8th International Conference on Computer and Information Technology Workshops
Enhancing Security Modeling for Web Services Using Delegation and Pass-On
ICWS '08 Proceedings of the 2008 IEEE International Conference on Web Services
Trust Management for Web Services
ICWS '08 Proceedings of the 2008 IEEE International Conference on Web Services
BOF4WSS: A Business-Oriented Framework for Enhancing Web Services Security for e-Business
ICIW '09 Proceedings of the 2009 Fourth International Conference on Internet and Web Applications and Services
WS-Policy: On Conditional and Custom Assertions
ICWS '09 Proceedings of the 2009 IEEE International Conference on Web Services
Integrated Security Framework for Secure Web Services
IITSI '10 Proceedings of the 2010 Third International Symposium on Intelligent Information Technology and Security Informatics
SEDA4SC: A staged event-driven architecture for adaptive service computing runtime
ISCC '11 Proceedings of the 2011 IEEE Symposium on Computers and Communications
SP 800-95. Guide to Secure Web Services
SP 800-95. Guide to Secure Web Services
| Hi-index | 0.00 |
Due to the dynamic, heterogeneous and interorganizational nature, different web services and different ports or operations in the same service, even the same services at different times may have their different security requirements because of their different security domains and different business backgrounds. How to design a flexible, fine-grained and comprehensive architecture for web services security processing has become a matter of great urgency. However, no ideal solutions have been worked out for these problems. As a result of our study, we have presented in this paper a policy-based architecture termed policy-based architecture for web services security processing (PBA4WSSP) to meet the dynamic, complete and fine-grained security requirements. In PBA4WSSP, the processing of all security problems is based on security policy in service stage to support flexibly security configuration. Moreover, we have designed a service policy model to describe the fine-grained security requirements. And the conversion method between security policy model and security policy expression has also been described. In addition, a staged complete security processing architecture is provided to reduce the dependency among protocol implementations. Furthermore, with PBA4WSSP, a web service security module has been designed and implemented as well. Eventually, the performance evaluation results amply demonstrate that our system is flexible and usable.