Context-driven policy enforcement and reconciliation for Web services

Abstract

Security of Web services is a major factor to their successful integration into critical IT applications. An extensive research in this direction concentrates on low level aspects of security such as message secrecy, data integrity, and authentication. Thus, proposed solutions are mainly built upon the assumption that security mechanisms are static and predefined. However, the dynamic nature of the Internet and the continuously changing environments where Web services operate require innovative and adaptive security solutions. This paper presents our solution for securing Web services based on adaptive policies, where adaptability is satisfied using the contextual information of the Web services. The proposed solution includes a negotiation and reconciliation protocol for security policies.