{"title":"Considering web services security policy compatibility","authors":"Tristan Lavarack, M. Coetzee","doi":"10.1109/ISSA.2010.5588269","DOIUrl":null,"url":null,"abstract":"For most organizations supporting business-to-business (B2B) web services interactions, security is a growing concern. Web services providers and consumers document their primary and alternative security policy requirements and capabilities in security policy files, defined by WS-Policy, WS-SecurityPolicy and WS-Security syntax. To secure message exchanges to the satisfaction of all parties, the security requirements of both web services providers and consumers need to be satisfied. This paper investigates how mutually agreed-upon security policies can be created. An analysis of the policy intersection algorithm highlights its deficiencies for finding mutually compatible policies. The interrelated effect that security policy assertion choices have on each other is identified as an important aspect not yet considered. Over and above security policy assertions, other influence on security policy choices, which may affect the security level supported by the organization, is identified. A proposal is made on how the assertions of two security policies should be considered, in order to create a secure, mutually agreed-upon security policy that will satisfy the requirements of both parties.","PeriodicalId":423118,"journal":{"name":"2010 Information Security for South Africa","volume":"299 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 Information Security for South Africa","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISSA.2010.5588269","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 10
Abstract
For most organizations supporting business-to-business (B2B) web services interactions, security is a growing concern. Web services providers and consumers document their primary and alternative security policy requirements and capabilities in security policy files, defined by WS-Policy, WS-SecurityPolicy and WS-Security syntax. To secure message exchanges to the satisfaction of all parties, the security requirements of both web services providers and consumers need to be satisfied. This paper investigates how mutually agreed-upon security policies can be created. An analysis of the policy intersection algorithm highlights its deficiencies for finding mutually compatible policies. The interrelated effect that security policy assertion choices have on each other is identified as an important aspect not yet considered. Over and above security policy assertions, other influence on security policy choices, which may affect the security level supported by the organization, is identified. A proposal is made on how the assertions of two security policies should be considered, in order to create a secure, mutually agreed-upon security policy that will satisfy the requirements of both parties.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
