IEEE International Conference on Web Services (ICWS 2007) Generic Security Policy Transformation Framework for WS-Security Salt Lake City, Utah, USA July 09-July 13 ISBN: 0-7695-2924-0
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ICWS.2007.92
Model-Driven Security is a framework to configure WS-Security easily. It generates a security policy written in WS-SecurityPolicy to be transformed into platformspecific configuration files. Since the WS-SecurityPolicy specification is quite complicated, it is difficult to directly map between a security policy and a configuration. We propose a generic security policy transformation framework using an intermediate model. The intermediate model structure is designed based on the WS-Security message structure, because both a security policy and the configuration files correspond to one WS-Security message, even though the WS-SecurityPolicy is flexible in specifying security requirements. Our contributions are simpler transformation rules compared to direct mapping, the support for various platforms, and more flexible updates if the WS-SecurityPolicy specification changes. We demonstrate the transformation using the intermediate model for WebSphere Application Server 6.0.
Citation:
Fumiko Satoh, Yumi Yamaguchi, "Generic Security Policy Transformation Framework for WS-Security," icws, pp.513-520, IEEE International Conference on Web Services (ICWS 2007), 2007 Usage of this product signifies your acceptance of the Terms of Use. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb