Abstract
The lack of semantics in the WS-SecurityPolicy (WS-SP) standard hampers the effectiveness of matching security policies. To resolve this problem, we present a semantic approach for matching Web service security policies. The approach consists of transforming WS-SP into an OWL-DL ontology and defining a set of rules that automatically generate the semantic relations that can exist between the provider and requestor security requirements. We show how these relations lead to more correct and refined matching of security policies. We also describe the implementation details of our approach and its validation through a real-world use case.
Notes
isDifferentFrom and isIdenticalTo relations are not shown in the figures to avoid saturating them.
These relations are not shown in the figures to avoid saturating them.
The input parameters ProvComponent and ReqComponent designate two analogous assertions or alternatives, since the same built-in is used to generate semantic correspondences at the level of the security alternatives (cf. Sect. 6.3).
Cite this article
Ben Brahim, M., Chaari, T., Ben Jemaa, M. et al. The SemSPM approach: fine integration of WS-SecurityPolicy semantics to enhance matching security policies in SOA. SOCA 10, 337–364 (2016). https://doi.org/10.1007/s11761-016-0190-9
DOI: https://doi.org/10.1007/s11761-016-0190-9