Verifying policy-based security for web services
Proceedings of the 11th ACM conference on Computer and communications security
Web services security configuration in a service-oriented architecture
WWW '05 Special interest tracks and posters of the 14th international conference on World Wide Web
An advisor for web services security policies
Proceedings of the 2005 workshop on Secure web services
Web services enterprise security architecture: a case study
Proceedings of the 2005 workshop on Secure web services
Verifying policy-based web services security
ACM Transactions on Programming Languages and Systems (TOPLAS)
Syntactic Validation of Web Services Security Policies
ICSOC '07 Proceedings of the 5th international conference on Service-Oriented Computing
Secure Web Service Workflow Execution
Electronic Notes in Theoretical Computer Science (ENTCS)
Model-driven business process security requirement specification
Journal of Systems Architecture: the EUROMICRO Journal
Using XML schema to improve writing, validation, and structure of WS-policies
Proceedings of the 2010 ACM Symposium on Applied Computing
Specifying and verifying organizational security properties in first-order logic
Verification, induction termination analysis
Specifying and verifying organizational security properties in first-order logic
Verification, induction termination analysis
Securing web service compositions: formalizing authorization policies using event calculus
ICSOC'06 Proceedings of the 4th international conference on Service-Oriented Computing
Hi-index | 0.00 |
This paper presents an emerging tool for securityconfiguration of service-oriented architectures with WebServices. Security is a major concern when implementingmission-critical business transactions and such concernmotivated the development of Web Services Security(WS-Security). However, the existing tools for configuringthe security properties of Web Services give atechnology-oriented view, and only assist in choosingthe data to encrypt and selecting an encryption algorithm.The users must construct their own mental modelsof how the security configurations actually relate tobusiness policies.In contrast, the tool described here gives a simplified,business-policy-oriented view. It models the messagingwith customers and business partners, lists variousthreats, and presents best-practice security patternsagainst the threats. A user can select among variationson the basic patterns according to the business policies,and then apply them to the messaging model through theGUI. The result of the pattern application is describedin the Web Services Security Policy Language (WS-SecurityPolicy).