{"title":"web服务安全体系结构的五个标准","authors":"R. Addie, A. Colman","doi":"10.1109/NSS.2010.100","DOIUrl":null,"url":null,"abstract":"Five properties of an architecture for secure access to web services are defined and two existing architectures are evaluated according to these criteria. References to these criteria in the literature and evaluation of the security architectures are tabulated in the conclusion. Policy-sufficiency is defined as the requirement that any meaningful statements can be expressed in policy definitions of the architecture. Protocol neutrality is the requirement that a protocol exchange which is logically equivalent to a valid protocol sequence is also valid. Predicateboundedness is the constraint that a fixed, finite set of predicates (or language constructs) will be sufficient for security policy definitions, i.e. the language does not need to be incrementally extended indefinitely. Protocol-closure requires that security protocols can be combined together arbitrarily to make new protocols. Finally, processing complexity constrains algorithms for evaluating security rules to be of satisfactory (low) complexity. No existing security architectures recieve a tick for all five of these criteria. The RW architecture is more successful in this regard than the simpler XACML architecture.","PeriodicalId":127173,"journal":{"name":"2010 Fourth International Conference on Network and System Security","volume":"86 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Five Criteria for Web-Services Security Architecture\",\"authors\":\"R. Addie, A. Colman\",\"doi\":\"10.1109/NSS.2010.100\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Five properties of an architecture for secure access to web services are defined and two existing architectures are evaluated according to these criteria. References to these criteria in the literature and evaluation of the security architectures are tabulated in the conclusion. Policy-sufficiency is defined as the requirement that any meaningful statements can be expressed in policy definitions of the architecture. Protocol neutrality is the requirement that a protocol exchange which is logically equivalent to a valid protocol sequence is also valid. Predicateboundedness is the constraint that a fixed, finite set of predicates (or language constructs) will be sufficient for security policy definitions, i.e. the language does not need to be incrementally extended indefinitely. Protocol-closure requires that security protocols can be combined together arbitrarily to make new protocols. Finally, processing complexity constrains algorithms for evaluating security rules to be of satisfactory (low) complexity. No existing security architectures recieve a tick for all five of these criteria. The RW architecture is more successful in this regard than the simpler XACML architecture.\",\"PeriodicalId\":127173,\"journal\":{\"name\":\"2010 Fourth International Conference on Network and System Security\",\"volume\":\"86 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2010 Fourth International Conference on Network and System Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/NSS.2010.100\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 Fourth International Conference on Network and System Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NSS.2010.100","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Five Criteria for Web-Services Security Architecture
Five properties of an architecture for secure access to web services are defined and two existing architectures are evaluated according to these criteria. References to these criteria in the literature and evaluation of the security architectures are tabulated in the conclusion. Policy-sufficiency is defined as the requirement that any meaningful statements can be expressed in policy definitions of the architecture. Protocol neutrality is the requirement that a protocol exchange which is logically equivalent to a valid protocol sequence is also valid. Predicateboundedness is the constraint that a fixed, finite set of predicates (or language constructs) will be sufficient for security policy definitions, i.e. the language does not need to be incrementally extended indefinitely. Protocol-closure requires that security protocols can be combined together arbitrarily to make new protocols. Finally, processing complexity constrains algorithms for evaluating security rules to be of satisfactory (low) complexity. No existing security architectures recieve a tick for all five of these criteria. The RW architecture is more successful in this regard than the simpler XACML architecture.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
