
Evaluating Two Methods for WS-(Security) Policy Negotiation and Decision Making

Part of the Lecture Notes in Computer Science book series (LNPSE, volume 10033)

Abstract

Any communication between a Web Service Provider (WSP) and a Web Service Consumer (WSC) in Web Service (WS) systems requires both parties to negotiate their security policies in order to reach agreed-upon security rules. However, reaching this agreement faces several issues. First, there is currently no policy selection method for the case of multiple compatible alternatives, nor any mechanism for the case of no compatible alternatives. Second, the security policy assertions, written in XML, are complex. To overcome these issues, we propose in this paper an evaluation of the policy intersection method in its current state, and another of two policy selection methods, Lattice lub/glb and Fuzzy Multiple Criteria Decision Making (MCDM) using the Analytical Hierarchy Process (AHP), for policy selection and decision making. These two methods can be used as an extension of policy intersection to solve policy compatibility measurements for better interoperability. An implementation to evaluate the decision-making methods was built. It was found that in about 98.91 % of the total comparisons both methods select the same set of security policies. Based on the evaluation findings, we propose a negotiation process that uses policy intersection extended with the two evaluated methods for final policy agreement.

Keywords

  • WS-Policy
  • WS-Security Policy
  • WS-Policy Intersection
  • Boolean algebra
  • WS-(Security) Policy Negotiation
  • Apache Axis2
  • Apache Rampart
  • Apache Neethi




Correspondence to Abeer Elsafie or Jörg Schwenk.


Appendix A: Apache Axis Neethi Example Output for All Policy Intersection Cases

We present the two policies from the Apache Neethi source in Disjunctive Normal Form (DNF) in order to find their policy intersection. There are three cases. The case presented in the module is the output for the case of one compatible alternative.

Policy p1:

figure c

Policy p2:

figure d

The one-compatible alternative output case:

figure e

The no-compatible alternatives output case:

figure f

The more-than-one-compatible-alternatives output case:

figure g
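
The three intersection outcomes listed in this appendix can be reproduced with a small model of WS-Policy 1.5 intersection over policies in DNF. This is an added example, not Apache Neethi code or the authors' implementation; the sample policies are constructed (they are not p1 and p2 from the figures), and assertions are simplified to a QName plus a parameter dictionary with no nested policies.

```python
from itertools import product

# Model: policy (DNF) = list of alternatives; alternative = list of
# assertions; assertion = (QName, parameters). Nested policies are not modelled.

def assertions_compatible(a, b):
    # Framework-level rule: same QName. Parameters are domain-specific
    # and are not compared here.
    return a[0] == b[0]

def alternatives_compatible(alt_a, alt_b):
    # Every assertion on each side needs a same-type partner on the other.
    return (all(any(assertions_compatible(a, b) for b in alt_b) for a in alt_a)
            and all(any(assertions_compatible(b, a) for a in alt_a) for b in alt_b))

def intersect(policy_a, policy_b):
    # Each compatible pair yields one alternative with both sides' assertions.
    return [alt_a + alt_b for alt_a, alt_b in product(policy_a, policy_b)
            if alternatives_compatible(alt_a, alt_b)]

def classify(policy_a, policy_b):
    n = len(intersect(policy_a, policy_b))
    if n == 0:
        return "no compatible alternative"
    if n == 1:
        return "one compatible alternative"
    return "more than one compatible alternative"

# Constructed sample policies (not p1/p2 from the appendix figures).
TRANSPORT = [("sp:TransportBinding", {}), ("sp:SignedParts", {"Body": True})]
ASYMMETRIC = [("sp:AsymmetricBinding", {}), ("sp:SignedParts", {"Body": True}),
              ("sp:EncryptedParts", {"Body": True})]
PROVIDER = [TRANSPORT, ASYMMETRIC]
CONSUMER_ONE = [[("sp:TransportBinding", {}), ("sp:SignedParts", {})]]
CONSUMER_NONE = [[("sp:SymmetricBinding", {})]]
CONSUMER_MANY = [TRANSPORT, ASYMMETRIC]

if __name__ == "__main__":
    for name, consumer in [("one", CONSUMER_ONE), ("none", CONSUMER_NONE),
                           ("many", CONSUMER_MANY)]:
        print(name, "->", classify(PROVIDER, consumer))
```

The "none" and "more than one" results are the two situations the abstract says plain intersection leaves unresolved, which is where a selection method is needed.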


© 2016 Springer International Publishing AG

About this paper

Cite this paper

Elsafie, A., Schwenk, J. (2016). Evaluating Two Methods for WS-(Security) Policy Negotiation and Decision Making. In: , et al. On the Move to Meaningful Internet Systems: OTM 2016 Conferences. OTM 2016. Lecture Notes in Computer Science, vol 10033. Springer, Cham. https://doi.org/10.1007/978-3-319-48472-3_56

  • DOI: https://doi.org/10.1007/978-3-319-48472-3_56

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-48471-6

  • Online ISBN: 978-3-319-48472-3

  • eBook Packages: Computer Science, Computer Science (R0)