Representing Security Policies in Web Information Systems

Policies, which usually govern the behaviour of networking services (e.g., security, QoS, mobility, etc.), are becoming an increasingly popular approach for the dynamic regulation of web information systems. The adoption of a policy-based approach for controlling a system requires an appropriate policy representation regarding both syntax and semantics, and the design and development of a policy management framework. In the context of the Web, the use of languages enriched with semantics (i.e. semantic languages) has been limited primarily to represent Web content and services. However the capabilities of these languages, coupled with the availability of tools to manipulate them, make them well suited for many other kinds of application, as policy representation and management. This paper provides the current trends of policy-based management enriched by semantics applied to the protection of web information systems. It also presents an approach for using DMTF Common Information Model (CIM) ontology with semantic languages.