Paper Info
Title
Syntactic Validation of Web Services Security Policies
Abstract
The Service-Oriented Architecture (SOA) makes application development flexible in such a way that services are composed in a highly distributed manner. However, because of the flexibility, it is often hard for users to define application configurations properly. Regarding the security concerns we address in this paper, though WS-SecurityPolicy provides a standard way to describe security policies, it is difficult for users to make sure that the defined policies are valid. In this paper, we discuss the validation of WS-SecurityPolicy in the context of Service Component Architecture, and propose a method called syntactic validation. Most enterprises have security guidelines, some of which can be described in the format of Web services security messages. There also exist standard profiles for Web services such as the WS-I Basic Security Profile that also prescribes message formats. Since those guidelines and profiles are based on accepted best practices, the syntactic validation is sufficiently effective for practical use to prevent security vulnerabilities.
Year
DOI
Venue
2007
10.1007/978-3-540-74974-5_26
ICSOC
Keywords
Field
DocType
service-oriented architecture,security concern,syntactic validation,web services security policies,application development,security policy,web services security message,web service,service component architecture,security vulnerability,security guideline,service oriented architecture,best practice
Security convergence,Security testing,Security through obscurity,Computer security,Computer science,Information security standards,Security service,Web application security,Security information and event management,Computer security model
Conference
Volume
ISSN
Citations 
4749
0302-9743
5
PageRank 
References 
Authors
0.49
8
3
Name
Order
Citations
PageRank
Yuichi Nakamura1704.26
Fumiko Sato250.49
Hyen-Vui Chung3141.36