The Community for Technology Leaders
Green Image
Issue No. 04 - October-December (2011 vol. 4)
ISSN: 1939-1374
pp: 314-327
Fumiko Satoh , IBM Research - Tokyo, Japan
Takehiro Tokuda , Tokyo Institute of Technology, Meguro
ABSTRACT
An application based on the Service-Oriented Architecture (SOA) consists of an assembly of services, which is referred to as a composite service. A composite service can be implemented from other composite services, and hence, the application could have a recursive structure. Securing an SOA application is an important nonfunctional requirement. However, specifying a security policy for a composite service is not easy because the policy should be consistent with the policies of the external services invoked in the composite process. Therefore, this paper proposes a security policy composition mechanism that uses the existing policies of the external services. Our contribution is defining the process-independent policy composition rules and providing a method for semiautomatically creating a security policy of the composite service. Our method supports two approaches of policy composition: top-down and bottom-up. Our study makes it possible to verify the consistency of the policies without increasing a developer's workload, even if the composite service has a recursive structure.
INDEX TERMS
Composite web services, quality of service.
CITATION

F. Satoh and T. Tokuda, "Security Policy Composition for Composite Web Services," in IEEE Transactions on Services Computing, vol. 4, no. , pp. 314-327, 2010.
doi:10.1109/TSC.2010.40
82 ms
(Ver 3.3 (11022016))