Security for Web Services: Standards and Research Issues
نویسندگان
چکیده
This chapter identifies the main security requirements for Web services and it describes how such security requirements are addressed by standards for Web services security recently developed or under development by various standardizations bodies. Standards are reviewed according to a conceptual framework that groups them by the main functionalities they provide. Standards that are covered include most of the standards encompassed by the WSS roadmap [2]; the Security Assertion Markup Language -SAML-, WS-Policy, XACML, that is related to access control and has been recently extended with a profile for Web services access control; XKMS and WS-Trust; WS-Federation, LibertyAlliance and Shibboleth, that address the important problem of identity management in federated organizations. Finally, issues related to the use of the standards are discussed and open research issues in the area of access control for Web services and innovative digital identity management techniques are outlined.
منابع مشابه
Security standards for the semantic web
This paper first describes the developments in standards for the semantic web and then describes standards for secure semantic web. In particular XML security, RDF security, and secure information integration and trust on the semantic web are discussed. Some details of our research on access control and dissemination of XML documents are also given. Next privacy issues for the semantic web are ...
متن کاملThe Impact of Standards in Web Services Security
The Internet has provided an avenue for businesses to adopt web services. Web services promises scalability, agility, cost reduction, profitability and availability thereby meeting instant gratification needs of web users’. It refers to modular Internet-based business functions that perform specific business tasks to facilitate business interactions within and beyond the organization. While add...
متن کاملWeb Services Security: Techniques and Challenges (Extended Abstract)
Web services-based computing is currently an important driver for the software industry. While several standards bodies (such as W3C and OASIS) are laying the foundation for Web services security, several research problems must be solved to make secure Web services a reality. This talk will present techniques for Web services security and some of the challenges and recommendations for secure we...
متن کاملTowards a Process for Web Services Security
Web Services (WS) security has undergone an enormous development, as carried out by the major organizations and consortiums of the industry over the last few years. This has brought about the appearance of a huge number of WS security standards. Such a fact has made organizations remain reticent about adopting technologies based on this paradigm, due to the learning curve which is inevitable in...
متن کاملResearch and Design Issues in Access Control for Network Services on the Web
The service oriented architecture (SOA) is gaining more momentum with the advent of network services on the Web. A programmable and machine accessible Web is the vision of many, and might represent a step towards the semantic Web. However, security is a crucial requirement for the serious usage and adoption of Web services technology. This paper reviews existing work related to Web service secu...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- Int. J. Web Service Res.
دوره 6 شماره
صفحات -
تاریخ انتشار 2009