| Download | - View accepted manuscript: Negotiated Security Policies for E-Services and Web Services (PDF, 419 KiB)
|
|---|
| Author | Search for: Yee, George; Search for: Korba, Larry |
|---|
| Format | Text, Article |
|---|
| Conference | 2005 IEEE International Conference on Web Services (ICWS 2005), July 11-15, 2005, Orlando, Florida, USA |
|---|
| Abstract | The growth of the Internet has been accompanied by the growth of e-services (e.g. e-commerce, ehealth). This proliferation of e-services and the increasing attacks on them by malicious individuals have highlighted the need for e-service security. The security requirements of an e-service may be specified in an e-service security policy. The provider of the eservice is then responsible for implementing the security measures contained in the policy. However, a service consumer may have security preferences that are not reflected in the provider's e-service security policy (e.g. defense contractors may require higher levels of security). In order for service providers to reach a wider market, a way of customizing a security policy to a particular consumer is needed. We derive the content of an e-service security policy and propose a flexible approach that will allow an e-service provider and consumer to negotiate to an agreed-upon e-service security policy. In addition, we examine how our approach may be implemented in a Web Services environment and briefly describe the design of our security policy negotiation prototype. |
|---|
| Publication date | 2005 |
|---|
| In | |
|---|
| Language | English |
|---|
| NRC number | NRCC 47449 |
|---|
| NPARC number | 8913597 |
|---|
| Export citation | Export as RIS |
|---|
| Report a correction | Report a correction (opens in a new tab) |
|---|
| Record identifier | 2236b48f-4999-428a-91ac-ef0809a4fb77 |
|---|
| Record created | 2009-04-22 |
|---|
| Record modified | 2020-10-09 |
|---|
