Service Oriented Computing and Applications

, Volume 10, Issue 3, pp 337–364 | Cite as

The SemSPM approach: fine integration of WS-SecurityPolicy semantics to enhance matching security policies in SOA

  • Monia Ben Brahim
  • Tarak Chaari
  • Maher Ben Jemaa
  • Mohamed Jmaiel
Original Research Paper


The lack of semantics in WS-SecurityPolicy standard hampers the effectiveness of matching security policies. To resolve this problem, we present a semantic approach for matching Web service security policies. The approach consists in the transformation of WS-SP into an OWL-DL ontology and the definition of a set of rules which automatically generate semantic relations that can exist between the provider and requestor security requirements. We show how these relations lead to more correct and refined matching of security policies. We also describe the implementation details of our approach and its validation through a real-world use case.


WS-SecurityPolicy Semantic security policy matching  Semantic comparison relations SWRL rules 


  1. 1.
    Apache Web services Project: Neethi Policy Engine. Accessed 06 Oct 2014
  2. 2.
    Anderson A (2004) An introduction to the web services policy language (WSPL). In: Proceedings of the fifth IEEE international workshop on policies for distributed systems and networks, POLICY 2004, pp 189–192Google Scholar
  3. 3.
    Chaari S, Badr Y, Biennier F (2008) Enhancing web service selection by qos-based ontology and WS-policy. In: Proceedings of the 2008 ACM symposium on applied computing (SAC’08), pp 2426–2431Google Scholar
  4. 4.
    Denker G, Kagal L, Finin TW, Paolucci M, Sycara KP (2003) Security for daml web services: annotation and matchmaking. In: International semantic web conference, pp 335–350Google Scholar
  5. 5.
    Garcia DZG, de Toledo MBF (2008a) Ontology-based security policies for supporting the management of web service business processes. In: Proceedings of the 2008 IEEE international conference on semantic computing (ICSC’08), pp 331–338Google Scholar
  6. 6.
    Garcia DZG, de Toledo MBF (2008b) Web service security management using semantic web techniques. In: Proceedings of the 2008 ACM symposium on applied computing (SAC’08), pp 2256–2260Google Scholar
  7. 7.
    Hollunder B (2009) Domain-specific processing of policies or: WS-Policy intersection revisited. In: Proceedings of the IEEE international conference on web services, pp 246–253Google Scholar
  8. 8.
    Kagal L (2002) Rei: a policy language for the me-centric project. Hp labs technical reportGoogle Scholar
  9. 9.
    Kagal L, Finin T, Johshi A (2003) A policy language for pervasive computing environment. In: Proceedings of the 4th IEEE international workshop on policies for distributed systems and network (Policy 2003), pp 63–74Google Scholar
  10. 10.
    Kim A, Luo J, Kang MH (2005) Security ontology for annotating resources. In: Proceedings of OTM confederated international conferences, pp 1483–1499Google Scholar
  11. 11.
    Modica GD, Tomarchio O (2011) Semantic security policy matching in service oriented architectures. In: Proceedings of the 2011 IEEE world congress on services (SERVICES’11), pp 399–405Google Scholar
  12. 12.
    OASIS (2005) extensible access control markup language v2.0 (xacml). Accessed 06 Oct 2014
  13. 13.
    OASIS (2006) Web services security v1.1. Accessed 06 Oct 2014
  14. 14.
    OASIS (2009) Ws-securitypolicy v1.3. Accessed 06 Oct 2014
  15. 15.
    OASIS (2010) Ws-securitypolicy examples version 1.0. Accessed 06 Oct 2014
  16. 16.
    Ono K, Nakamura Y, Satoh F, Tateishi T (2007) Verifying the consistency of security policies by abstracting into security types. In: Proceedings of the 2007 IEEE international conference on web services, pp 497–504Google Scholar
  17. 17.
    Phan T, Han J, Schneider JG, Ebringer T, Rogers T (2008) A survey of policy-based management approaches for service oriented systems. In: Proceedings of the 19th Australian conference on software engineering, pp 392–401Google Scholar
  18. 18.
    Stanford Center for Biomedical Informatics Research: OWL protege. Accessed 06 Oct 2014
  19. 19.
    Sandia National Laboratories: the Jess engine. Accessed 06 Oct 2014
  20. 20.
    Speiser S (2010) Semantic annotations for WS-Policy. In: Proceedings of the 2010 IEEE international conference on web services, pp 449–456Google Scholar
  21. 21.
    The Apache Software Foundation: Apache Rampart. Accessed 06 Oct 2014
  22. 22.
    The Apache Software Foundation: Apache Axis2. Accessed 06 Oct 2014
  23. 23.
    Tonti G, Bradshaw JM, Jeffers R, Montanari R, Suri N, Uszok A (2003) Semantic web languages for policy representation and reasoning: a comparison of KAos, Rei, and Ponder. In: Proceedings of the international semantic web conference (ISWC2003), pp 419–437Google Scholar
  24. 24.
    Uszok A, Bradshaw JM, Jeffers R, Suri N, Hayes P, Breedy MR, Bunch L, Johnson M, Kulkarni S, Lott J (2003) Kaos policy and domain services: Toward a description-logic approach to policy representation, deconfliction, and enforcement. In: Proceedings of the 4th IEEE international workshop on policies for distributed systems and networks (Policy 2003), pp 93–96Google Scholar
  25. 25.
    Uszok A, Bradshaw JM, Johnson M, Jeffers R, Tate A, Dalton J, Aitken S (2004) Kaos policy management for semantic web services. IEEE Intell Syst 19(4):32–41. doi: 10.1109/MIS.2004.31 CrossRefGoogle Scholar
  26. 26.
    Verma K, Akkiraju R, Goodwin R (2005) Semantic matching of web service policies. In: Proceedings of the second workshop on semantic and dynamic web processes, pp 79–90Google Scholar
  27. 27.
    W3C (2004a) OWL web ontology language guide. Accessed 06 Oct 2014
  28. 28.
    W3C (2004b) SWRL: a semantic web rule language combining OWL and RuleML.
  29. 29.
    W3C (2007) WS-Policy 1.5-framework. Accessed 06 Oct 2014
  30. 30.
    Yu B, Yang L, Wang Y, Zhang B, Cao Y, Ma L, Luo X (2013) Rule-based security capabilities matching for web services. Wirel Pers Commun 73(4):1349–1367. doi: 10.1007/s11277-013-1254-1 CrossRefGoogle Scholar
  31. 31.
    Zeng H, Ma D, Zhao Y, Li Z (2014) PBA4WSSP: a policy-based architecture for web services security processing. Serv Oriented Comput Appl 8(1):55–72. doi: 10.1007/s11761-013-0143-5 CrossRefGoogle Scholar
  32. 32.
    Zheng-qiu H, Li-fa W, Zheng H, Hai-guang L (2009) Semantic security policy for web service. In: Proceedings of the IEEE international symposium on parallel and distributed processing with applications, pp 258–262Google Scholar

Copyright information

© Springer-Verlag London 2016

Authors and Affiliations

  • Monia Ben Brahim
    • 1
  • Tarak Chaari
    • 1
  • Maher Ben Jemaa
    • 1
  • Mohamed Jmaiel
    • 1
    • 2
  1. 1.ReDCAD LaboratoryNational School of Engineers of SfaxSfaxTunisia
  2. 2.Research Center for Computer ScienceMultimedia and Digital Data Processing of SfaxSakiet Ezzit, SfaxTunisia

Personalised recommendations