ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Specifying conflict of interest assertions in WS-policy with Chinese wall security policy
Full text PdfPdf (270 KB)
Source ACM SIGecom Exchanges archive
Volume 4 ,  Issue 1  (Spring, 2003) table of contents
Pages: 11 - 19  
Year of Publication: 2003
Authors
Patrick C. K. Hung  CSIRO Mathematical and Information Sciences, Canberra ACT, Australia
Guang-Sha Qiu  Faculty of Engineering, University of Western Australia, Perth WA, Australia
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 7,   Downloads (12 Months): 38,   Citation Count: 0
Additional Information:

abstract   references   index terms   collaborative colleagues  

Tools and Actions: Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/844357.844362
What is a DOI?

ABSTRACT

A Web service is defined as an autonomous unit of application logic that provides either some business functionality or information to other applications through an Internet connection. Web services are based on a set of XML standards such as Simple Object Access Protocol (SOAP), Universal Description, Discovery and Integration (UDDI) and Web Services Description Language (WSDL). The benefits of adopting Web services over traditional business-to-business applications include faster time to production, convergence of disparate business functionalities, a significant reduction in total cost of development, and easy to deploy business applications for trading partners. However, Web services architectures are built on an insecure, unmonitored and shared environment, which is open to events such as security threats. Security concerns are the major barrier that prevents many business organizations from implementing or employing Web services. This article discusses one of the classical security policies that deal with conflict of interest - the Chinese wall security policy. The article then extends this concept into specifying and implementing conflict of interest assertions in the newly developed WS-Policy. WS-Policy is an XML representation that provides a grammar for expressing Web services policies, to allow service locators to have a common interpretation of security requirements in the matchmaking process.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
BREWER, DAVID F. C. AND MICHAEL J. NASH. 1989. Chinese Wall Security Policy. In Proceedings of the Symposium on Security and Privacy, 206-214.
 
2
CONTENTGUARD. 2001. eXtensible rights Markup Language (XrML), Version 2.0.
 
3
COOMBS, CLYDE H. AND GEORGE S. AVRUNIN. 1988. The Structure of Conflict, Lawrence Erlbaum Associates, Publishers.
 
4
FONTANA, J. 2002. Top Web Services Worry: Security. NetworkWorldFusion, January 2002, http://www.nwfusion.com/news/2002/0121webservices.html.
 
5
Birgit Hofreiter , Christian Huemer , Wolfgang Klas, ebXML: Status, Research Issues, and Obstacles, Proceedings of the 12th International Workshop on Research Issues in Data Engineering: Engineering E-Commerce/E-Business Systems (RIDE'02), p.7, February 24-25, 2002
 
6
HOLLAND, P. 2002. Building Web Services From Existing Application. In eAI Journal, September 2002, 45-47.
 
7
HONDO, MARYANN, NATARAJ NAGARATNAM AND ANTHONY NADALIN. 2002. Securing Web Services. In IBM Systems Journal, vol. 41, no. 2, 228-241.
8
Patrick C. K. Hung, Specifying conflict of interest in web services endpoint language (WSEL), ACM SIGecom Exchanges, v.3 n.3, p.1-8, Summer, 2002  [doi>10.1145/844339.844344]
 
9
IBM CORPORATION. 2002a. Business Process Execution Language for Web Services (BPEL4WS), Version 1.0.
 
10
IBM CORPORATION. 2002b. Security in a Web Services World: A Proposed Architecture and Roadmap, White Paper, Version 1.0. http://www-106.ibm.com/developerworks/library/ws-secroad/
 
11
NETEGRITY. 2001. JSAML Toolkit: Netegrity's Java Implementation of the Security Assertions Markup Language (SAML) Specification, Netegrity White Paper.
 
12
OASIS. 2002. SAML 1.0 Specification Set: Committee Specifications.
 
13
OASIS. 2002. OASIS eXtensible Access Control Markup Language (XACML), OASIS Standard 1.0, 11 December 2002.
 
14
RATNASINGAM, P. 2002. The Importance of Technology Trust in Web Services Security. In Information Management & Computer Security, vol. 10, no. 5, 255-260.
 
15
SUN MICROSYSTEMS. 2002. Web Service Choreography Interface (WSCI), Version 1.0.
 
16
UDDI ORGANIZATION. 2002. UDDI Version 3.0, Published Specification.
 
17
WORLD WIDE WEB CONSORTIUM (W3C): www.w3c.org

INDEX TERMS

Primary Classification:
  H. Information Systems
  H.3 INFORMATION STORAGE AND RETRIEVAL
      H.3.5 On-line Information Services
          Subjects: Web-based services

Additional Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.5 Local and Wide-Area Networks
          Subjects: Internet (e.g., TCP/IP)

  I. Computing Methodologies
  I.7 DOCUMENT AND TEXT PROCESSING
      I.7.2 Document Preparation

          Nouns: XML

  K. Computing Milieux
  K.4 COMPUTERS AND SOCIETY
      K.4.4 Electronic Commerce
          Subjects: Security


General Terms:
Design, Management, Reliability, Security, Standardization


Keywords:
Chinese wall security policy, WS-policy, WS-policy attachment, conflict of interest, delegation, matchmaking, security assertion, security policy, service locators

Collaborative Colleagues:
Patrick C. K. Hung: colleagues
Guang-Sha Qiu: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player