An extended RBAC profile of XACML
Proceedings of the 3rd ACM workshop on Secure web services
A security policy framework for context-aware and user preferences in e-services
Journal of Systems Architecture: the EUROMICRO Journal
Context sensitive adaptive authentication
EuroSSC'07 Proceedings of the 2nd European conference on Smart sensing and context
Hi-index | 0.00 |
The growth of the Internet has been accompanied by the growthof e-services (e.g. e-commerce, ehealth). This proliferation of e- services and the increasing attacks on them by malicious individuals have highlighted the need for e-service security. The securityrequirements of an e-service may be specified in an e-servicesecurity policy. The provider of the eservice is then responsiblefor implementing the security measures contained in the policy.However, a service consumer may have security preferences that are not reflected in the providerýs e-service security policy (e.g.defense contractors may require higher levels of security). In orderfor service providers to reach a wider market, a way of customizinga security policy to a particular consumer is needed. We derive the content of an e-service security policy and propose a flexibleapproach that will allow an e-service provider and consumer tonegotiate to an agreed-upon e-service security policy. In addition,we examine how our approach may be implemented in a WebServices environment and briefly describe the design of our security policy negotiation prototype.