Abstract-Service-oriented architectures support distributed heterogeneous environments where business transactions occur among loosely connected services.Ensuring a secure infrastructure for this environment is challenging. There are currently various approaches to addressing information security, each with its own set of benefits and difficulties. Additionally, organisations can adopt vendor-based information security frameworks to assist them in implementing adequate information security controls.Unfortunately, there is no standard information security framework that has been adopted for service-oriented architectures. This paper analyses the information security challenges faced by service-oriented architectures. Information security components for a service-oriented architecture environment are proposed. These components were developed collectively from serviceoriented architecture design principles, the ISO/IEC 27002:2005 standard, and other service-oriented architecture governance frameworks. The information security framework can assist organisations in determining information security controls for service-oriented architectures, aligned to current ISO/IEC 27002:2005 standards.
PurposeThis paper aims to show that information and evidence found in the XML‐based environment of web services can allow web services providers to gain a sense of the trustworthiness of web services requestors over time.Design/methodology/approachA literature review on trust in web services environment is provided. Trust management models, and an existing trust specification for web services are discussed. Next, a conceptual framework for web services trust formation is presented.FindingsThe paper makes explicit types of information that can be used for trust formation. Web services providers are given the ability to trust requestors autonomously by making use of information that is published through web services standards, defined over and above a web services interface. The approach incorporates elements of social trust as it is concerned with more than cryptographic controls. It has mechanisms that allow a web services provider to manage trust autonomously, enabling different types of trust for different situations.Research limitations/implicationsA conceptual framework for trust formation has been defined that identifies a proposal for trust calculation. The paper does not address the implementation of the framework, and calculation of trust over information categories.Practical implicationsThe paper identifies a practical approach to autonomous web services trust by making use of web services standards such as WS‐Policy and WSMetadataExchange.Originality/valueThis paper identifies a taxonomy of trust information that can be used to make explicit the requirements for web services trust.
Abstract. Today, organisations that seek a competitive advantage are adopting virtual infrastructures that share and manage computing resources. The trend is toward implementing collaborating applications supported by web services technology. In order to enable secure interoperation between participants of these environments, trust is an important requirement to address. Current solutions to trust between web components are limited, as they are usually established via cryptographic mechanisms, in the presence of trusted third parties. To accommodate the dynamic and fluid nature of web services environments, a fktmework for trust assessment and computation is presented. The trust framework is characterised by information and reasoning. It has mechanisms that allow web services entities to manage trust autonomously, by activating a trust level and trust types by means of a rule-based fuzzy cognitive map.
Identity management provides a view on who has access to systems. Continuous organisational integration creates new Identity Management requirements such as Federation of Identities, Secure Token Services and Social Media Identity Providers. Access Management addresses the question of what resources an identity can access. A common implementation approach to address this is to utilise Role Modeling that links an identity with required access, enabling Role Based Access Control for access to system functions. Access Assurance provides fine grained access control ensuring that the identity has the right access based on attributes or rules defined by dynamic security policies. The need for Identity and Access Assurance (IAA) is not only for operational efficiency but often driven by legislative and user-experience requirements. IAA requirements are clearly visible as they are often highlighted in audit findings. Disconnect is often found between identity and access that results in integration complexity and duplication between systems because IAA programs are rarely implemented from a top-down approach, driven by the CIO into the organisation. Most often IAA is implemented from an operational management perspective within business unit silos. Furthermore, Security Frameworks such as SABSA (Sherwood Applied Business Security Architecture) provide comprehensive insights into the IAA domain but are focused either too narrowly or broadly. This paper investigates the creation of a Identity and Access Assurance Component Model by evaluating the prominent security frameworks in order to assist C-Level executives to make informed decisions on IAA investment and implementation priorities.
The aim of this study was to do a preliminary assessment of the chemical and microbial surface water quality of the Chunies River. For this purpose sampling was undertaken on 25 and 26 May 2002, and a range of chemical (macro-elements, micro-elements and heavy metals) and microbial variables (HPC, total coliforms and faecal coliforms) were measured. The chemical water quality of the second section of the river, fed by base-flow, was poor and unacceptable for both domestic and agricultural use. The microbial water quality was unacceptable for domestic use throughout the course of the river due to faecal and coliform pollution. The most significant finding of this study was that the chemical water quality of the Chunies River, at the time the samples were taken, was acceptable and fit for agricultural and domestic use.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.