The SemSPM approach: fine integration of WS-SecurityPolicy semantics to enhance matching security policies in SOA

Abstract

The lack of semantics in the WS-SecurityPolicy (WS-SP) standard hampers the effectiveness of matching security policies. To resolve this problem, we present a semantic approach for matching Web service security policies. The approach consists of transforming WS-SP into an OWL-DL ontology and defining a set of rules that automatically generate the semantic relations that can exist between the provider and requestor security requirements. We show how these relations lead to more correct and refined matching of security policies. We also describe the implementation details of our approach and its validation through a real-world use case.

Notes

  1. isDifferentFrom and isIdenticalTo relations are not shown in the figures to avoid saturating them.

  2. These relations are not shown in the figures to avoid saturating them.

  3. The input parameters ProvComponent and ReqComponent designate two analogous assertions or alternatives, since the same built-in is used to generate semantic correspondences at the level of the security alternatives (cf. Sect. 6.3).

  4. http://redcad.org/members/monia.benbrahim/SPMatchingOntology.owl.

  5. http://redcad.org/members/monia.benbrahim/TravelAgencySemanticSP.owl.

  6. http://redcad.org/members/monia.benbrahim/FlightReservationServiceSyntacticSP.xml.

  7. http://redcad.org/members/monia.benbrahim/FlightReservationServiceSemanticSP.owl.

Author information

Corresponding author

Correspondence to Monia Ben Brahim.

About this article

Cite this article

Ben Brahim, M., Chaari, T., Ben Jemaa, M. et al. The SemSPM approach: fine integration of WS-SecurityPolicy semantics to enhance matching security policies in SOA. SOCA 10, 337–364 (2016). https://doi.org/10.1007/s11761-016-0190-9

  • DOI: https://doi.org/10.1007/s11761-016-0190-9

Keywords

  • WS-SecurityPolicy
  • Semantic security policy matching
  • Semantic comparison relations
  • SWRL rules