Abstract
The seamless composition of independent services is one of the success factors of Service-oriented Architectures (SOA). Services are orchestrated to service compositions across organisational boundaries to enable a faster reaction to changing business needs. Each orchestrated service might demand the provision of specific user information and requires particular security mechanisms. To enable a dynamic selection of services provided by foreign organisations, a central management of static security policies is not appropriate. Instead, each service should express its own security requirements as policies that stipulate explicitly the requirements of the composition. In this paper we address the problem of aggregating security requirements from orchestrated services. Such an aggregation is not just the combination of all security requirements, since dependencies and conflicts between these requirements might exist. We provide a classification of these dependencies and introduce a conceptional security model enabling a classification of security requirements to reveal conflicts. Finally, we propose an approach to determine an aggregation of security requirements in cross organisational service compositions.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Carminati, B., Ferrari, E., Hung, P.C.K.: Web Service Composition: A Security Perspective. In: WIRI 2005, pp. 248–253 (2005)
Carminati, B., Ferrari, E., Hung, P.C.K.: Security Conscious Web Service Composition. In: ICWS 2006, pp. 489–496 (2006)
Chappel, D.: Understanding Windows CardSpace (April 2006)
Denker, G., Kagal, L., Finin, T.W., Paolucci, M., Sycara, K.P.: Security for DAML Web Services: Annotation and Matchmaking. In: ICWS 2003, pp. 335–350 (2003)
Della-Libera, G., Gudgin, M., et al.: Web Services Security Policy Language (WS-SecurityPolicy). Public Draft Specification (Juli 2005)
Haller, J., Wolter, C.: Trust Indicator Integration into SLAs for Virtual Organisations. In: eChallenges 2007 Conference (2007)
Jürjens, J.: UMLsec: Extending UML for Secure Systems Development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412–425. Springer, Heidelberg (2002)
Jaeger, T., Sailer, R., Zhang, X.: Resolving constraint conflicts. In: SACMAT 2004, pp. 105–114. ACM, New York (2004)
Meyer, H.: On the Semantics of Service Compositions. In: Proceedings of The First International Conference on Web Reasoning and Rule Systems (RR 2007) (2007)
MacKenzie, M., Laskey, K., McCabe, F., Brown, P., Metz, R.: Reference Model for Service Oriented Architecture 1.0. In: OASIS Committee Specification (February, 2006)
Charles, P.: Pfleeger and Shari Lawrence Pfleeger. Security in Computing. Prentice Hall Professional Technical Reference (2002)
Ragouzis, N., Hughes, J., Philpott, R., Maler, E.: MalerSecurity Assertion Markup Language (SAML) V2.0 Technical Overview(2006)
Wohlstadter, E., Tai, S., Mikalsen, T., Rouvellou, I., Devanbu, P.: GlueQoS: Middleware to Sweeten Quality-of-Service Policy Interactions. In: ICSE 2004, pp. 189–199 (2004)
Huang, D.: Semantic Descriptions of Web Services Security Constraints. In: SOSE 2006, pp. 81–84. IEEE Computer Society, Los Alamitos (2006)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Menzel, M., Wolter, C., Meinel, C. (2008). Towards the Aggregation of Security Requirements in Cross-Organisational Service Compositions. In: Abramowicz, W., Fensel, D. (eds) Business Information Systems. BIS 2008. Lecture Notes in Business Information Processing, vol 7. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-79396-0_26
Download citation
DOI: https://doi.org/10.1007/978-3-540-79396-0_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-79395-3
Online ISBN: 978-3-540-79396-0
eBook Packages: Computer ScienceComputer Science (R0)