Security Requirements for a Semantic Service-oriented Architecture

Dürbeck, Stefan; Schillinger, Rolf; Kolter, Jan

doi:10.1109/ares.2007.138

Cited by 7 publications

(8 citation statements)

References 5 publications

(3 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…After Rampart has been loaded into the Axis2 engine, as a module to implement the WS-Security, it can do security handling to all the effective services. Rampart can also just execute security handling to one or more services or a specific method in a service [9] [10].…”

Section: Rampart Security Policymentioning

confidence: 99%

Signature and Encryption on Parts of SOAP Message Based on Rampart

2010

2010 2nd International Workshop on Intelligent Systems and Applications

View full text Add to dashboard Cite

With the development and application of Web service technology, the security of Web service is becoming more and more important. The security of SOAP message is an important factor which decides Web service security. In order to realize the security of SOAP message, an approach to partly sign and encrypt on SOAP message based on Rampart is proposed in this paper. The experimental results demonstrate that the approach can enhance the security of Web service, as well as improve the flexibility for Web service message transmission and operation.

show abstract

Section: Rampart Security Policymentioning

confidence: 99%

Signature and Encryption on Parts of SOAP Message Based on Rampart

2010

2010 2nd International Workshop on Intelligent Systems and Applications

View full text Add to dashboard Cite

show abstract

“…Therefore, this section focuses on the differences and adoptions we performed for real-world deployment. The presented architecture and data flow implement all requirements gathered in [25], [26], [2].…”

Section: A Semantic Security Architecture For Web Servicesmentioning

confidence: 99%

“…Restricting access to valuable service resources only after trustful authorization was seen as a crucial part to heighten the overall security of the semantic service-oriented system and the reliability in general [2]. Our semantic security architecture for service-oriented systems based on the attribute-based access control paradigm [3] has already been described in [4], [5], [6] and has now successfully been implemented.…”

Section: Introductionmentioning

confidence: 99%

A Semantic Security Architecture for Web Services The Access-eGov Solution

Dürbeck

Fritsch

Pernul

et al. 2010

2010 International Conference on Availability, Reliability and Security

Self Cite

View full text Add to dashboard Cite

Abstract-The shift from mere service-oriented architectures (SOA) to semantically enriched approaches is especially being forced in multi-domain environments that the public sector in the European Union is an example for. The security aspect is lagging behind its possibilities, and new access control approaches native to the semantic environment need to be applied. Based on architectural research work conducted within the EU-funded research project Access-eGov, we outline our implementation of a semantic security architecture for web services by using industry-standard technologies and combining them with semantic enhancements.

show abstract

“…Die sich wandelnde IT-Landschaft im behördlichen Umfeld einerseits und einschlägige politisch-rechtliche Vorgaben (wie die EU-Richtlinien zum Datenschutz und zur Dienstleistungserbringung [11,12]) andererseits schaffen ein Umfeld, in dem neue Antworten auf die widerstrebenden Interessen von Datenschutz und datenintensiven Geschäftsprozessen gefunden werden müssen. Das europäische Forschungsprojekt Access-eGov (http://www.accessegov.org) hat es sich zum Ziel gesetzt, in diesem Umfeld eine verteilte serviceorientierte AAI zu entwickeln, in der den Anforderungen dynamischer Autorisierung und datenschutzgerechter Zugriffskontrolle eine besondere Bedeutung beigemessen wird [9]. …”

Section: Introductionunclassified

“…Dieser verwendet das Token dazu, um auf die geschützte Ressource zuzugreifen (8). Das Token wird vom PEP geprüft, und nachdem es anerkannt wird, kann der Ressourcenzugriff gewährt werden (9). Abbildung 3 zeigt ein Sequenzdiagramm des eben beschriebenen Zugriffskontrollvorganges, das die Rolle der jeweiligen Systemakteure innerhalb der Zugriffskontrollarchitektur verdeutlicht.…”

Section: Introductionunclassified