Abstract
Any communication between a Web Service Provider (WSP) and a Web Service Consumer (WSC) in Web Service (WS) systems requires both parties to negotiate their security policies in order to reach an agreed-upon set of security rules. However, reaching this agreement faces several issues. First, there are currently no policy selection methods for the case of multiple compatible alternatives, nor any mechanism for the case of no compatible alternatives. Second, the security policy assertions, written in XML, are complex. To overcome these issues, we propose in this paper an evaluation of the policy intersection method in its current state and an evaluation of two policy selection methods, Lattice lub/glb and Fuzzy Multiple Criteria Decision Making (MCDM) using the Analytical Hierarchy Process (AHP), for policy selection and decision making. These two methods can be used as an extension of policy intersection to solve policy compatibility measurements for better interoperability. An implementation to evaluate the decision-making methods was built. We found that about 98.91 % of the total comparisons using both methods select the same set of security policies. Based on the evaluation findings, we propose a negotiation process that uses policy intersection extended with the two evaluated methods for final policy agreement.
Keywords
- WS-Policy
- WS-Security Policy
- WS-Policy Intersection
- Boolean algebra
- WS-(Security) Policy Negotiation
- Apache Axis2
- Apache Rampart
- Apache Neethi
Appendix A: Apache Axis Neethi Example Output for All Policy Intersection Cases
We present the two policies from the Apache Neethi source in Disjunctive Normal Form (DNF) in order to find their policy intersection. There are three cases. The case presented in the module is the output for the case of one compatible alternative.
Policy p1:

Policy p2:

The one-compatible alternative output case:

The no-compatible alternatives output case:

The more than one-compatible alternatives output case:
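The three intersection cases named in this appendix can be reproduced with a small model of the WS-Policy 1.5 strict intersection rule. This is an added example, not the paper's Neethi output or Apache Neethi code: the policies are constructed samples, the function names are hypothetical, and assertion parameters are ignored (type-level comparison only).

```python
from itertools import product

# An assertion is (qname, nested): nested is None, or a tuple of assertions
# (in normal form a nested policy holds exactly one alternative).
# A policy in DNF is a list of alternatives; an alternative is a list of assertions.

def assertions_compatible(a, b):
    """Same QName and, if either has a nested policy, compatible nested alternatives."""
    (qa, na), (qb, nb) = a, b
    if qa != qb:
        return False
    if na is None and nb is None:
        return True
    if na is None or nb is None:
        return False
    return alternatives_compatible(na, nb)

def alternatives_compatible(x, y):
    """Each assertion in one alternative needs a compatible one in the other, and vice versa."""
    return (all(any(assertions_compatible(a, b) for b in y) for a in x)
            and all(any(assertions_compatible(b, a) for a in x) for b in y))

def intersect(p1, p2):
    """Merged alternative for every compatible pair of alternatives."""
    return [tuple(x) + tuple(y) for x, y in product(p1, p2)
            if alternatives_compatible(x, y)]

def classify(p1, p2):
    """Map the intersection size to the three cases listed in the appendix."""
    n = len(intersect(p1, p2))
    return "none" if n == 0 else "one" if n == 1 else "multiple"

def suite(name):
    # Constructed helper: an sp:AlgorithmSuite assertion with one nested choice.
    return ("sp:AlgorithmSuite", (("sp:" + name, None),))

SIGNED = ("sp:SignedParts", None)
ENCRYPTED = ("sp:EncryptedParts", None)

# Constructed sample policies (simplified WS-SecurityPolicy vocabulary).
P1 = [[suite("Basic256"), SIGNED], [suite("Basic128"), SIGNED]]
P2_ONE = [[suite("Basic256"), SIGNED]]
P2_NONE = [[suite("TripleDes"), SIGNED], [suite("Basic256"), ENCRYPTED]]
P2_MANY = [[suite("Basic256"), SIGNED], [suite("Basic128"), SIGNED]]

if __name__ == "__main__":
    for label, p2 in (("one", P2_ONE), ("none", P2_NONE), ("many", P2_MANY)):
        print(label, classify(P1, p2), len(intersect(P1, p2)))
```

Plain intersection stops at the "none" and "multiple" outcomes, which are the two cases the abstract says the evaluated selection methods are meant to resolve.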

© 2016 Springer International Publishing AG
Cite this paper
Elsafie, A., Schwenk, J. (2016). Evaluating Two Methods for WS-(Security) Policy Negotiation and Decision Making. In: Debruyne, C., et al. On the Move to Meaningful Internet Systems: OTM 2016 Conferences. OTM 2016. Lecture Notes in Computer Science(), vol 10033. Springer, Cham. https://doi.org/10.1007/978-3-319-48472-3_56
DOI: https://doi.org/10.1007/978-3-319-48472-3_56
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-48471-6
Online ISBN: 978-3-319-48472-3
eBook Packages: Computer Science (R0)