Issue No.04 - October-December (2011 vol.4)
Fumiko Satoh, IBM Research - Tokyo, Japan
Takehiro Tokuda, Tokyo Institute of Technology, Meguro
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TSC.2010.40
An application based on the Service-Oriented Architecture (SOA) consists of an assembly of services, which is referred to as a composite service. A composite service can be implemented from other composite services, and hence, the application could have a recursive structure. Securing an SOA application is an important nonfunctional requirement. However, specifying a security policy for a composite service is not easy because the policy should be consistent with the policies of the external services invoked in the composite process. Therefore, this paper proposes a security policy composition mechanism that uses the existing policies of the external services. Our contribution is to define process-independent policy composition rules and to provide a method for semiautomatically creating a security policy for the composite service. Our method supports two approaches to policy composition: top-down and bottom-up. Our study makes it possible to verify the consistency of the policies without increasing a developer's workload, even if the composite service has a recursive structure.
Composite web services, quality of service.
Fumiko Satoh, Takehiro Tokuda, "Security Policy Composition for Composite Web Services", IEEE Transactions on Services Computing, vol.4, no. 4, pp. 314-327, October-December 2011, doi:10.1109/TSC.2010.40