Abstract
The power of Web services (WS) technology lies in the fact that it takes integration to a new level. With the increasing amount of services available on the Web, solutions are needed that address security concerns of distributed Web service applications such as end-to-end service requirements for authentication, authorization, data integrity and confidentiality, and non-repudiation in the context of dynamic WS applications. Semantic Web technology and Semantic Web services (SWSs) promise to provide solutions to the challenges of dynamically composed service-based applications. We investigate the use of semantic annotations for security WS that can be used by matchmakers or composition tools to achieve security goals. In the long-term we aim at establishing a security framework for SWS applications that include security services, authentication and authorization protocols, and techniques to exchange and negotiate policies. In this paper, we report on the first step toward this larger vision: specification, design, and deployment of semantically well-defined security services.
Keywords
- Service Composition
- Cryptographic Protocol
- Fair Exchange
- Security Assertion Markup Language
- Strand Space
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Sycara, K., Ju, J., Klusch, M., Widoff, S.: Dynamic service matchmaking among agents in open information environments. ACM SIGMOD Record, Special Issue on the Semantic Interoperability in Global Information Systems (1999)
Denker, G., Hobbs, J., Martin, D., Narayanan, S., Waldinger, R.: Accessing information and services on the DAML-enabled Web. In: Decker, S., Fensel, D., Seth, A., Staab, S. (eds.) 2nd. Intern. Workshop on the Semantic Web SemWeb 2001, Workshop at WWW10, Hong Kong, China (2001), http://sunsite.informatik.rwth-aachen.de/Publications/CEUR-WS/Vol-40/
McIlraith, S., Song, T., Zeng, H.: Mobilizing the Semantic Web with DAMLenabled Web services. In: Decker, S., Fensel, D., Seth, A., Staab, S. (eds.) 2nd. Intern. Workshop on the Semantic Web SemWeb 2001, Workshop at WWW 10, Hongkong, China (2001), http://sunsite.informatik.rwth-aachen.de/Publications/CEUR-WS/Vol-40/
McIlraith, S., Song, T., Zeng, H.: Semantic Web services. IEEE Intelligent Systems, Special Issue on the Semantic Web 16, 46–53 (2001)
Hendler, J.: Agents on the Web. IEEE Intelligent Systems, Special Issue on the Semantic Web 16, 30–37 (2001)
Kagal, L.: Rei: A Policy Language for the Me-Centric Project. HP Labs Technical Report (2002)
Kagal, L., Finin, T., Joshi, A.: A policy language for pervasive systems. In: Fourth IEEE International Workshop on Policies for Distributed Systems and Networks (2003)
Uszok, A., Bradshaw, J., Jeffers, R., Suri, N., Hayes, P., Breedy, M., Bunch, L., Johnson, M., Kulkarni, S., Lott, J.: KAoS policy and domain services: Toward a description-logic approach to policy representation, deconfliction and enforcement. In: IEEE Workshop on Policy 2003, pp. 93–96 (2003)
Bradshaw, J., Uszok, A., Jeffers, R., Suri, N., Hayes, P., Burstein, M., Acquisiti, A., Benyo, B., Breedy, M., Carvalho, M., Diller, D., Johnson, M., Kulkarni, S., Lott, J., Sierhuis, M., Hoof, R.V.: Representation and Reasoning for DAML-Based Policy and Domain Services in KAoS and Nomads. Submitted to AAMAS 2003, Melbourne, Australia, July 14-18 (2003)
Ribeiro, C.N., Zuquete, A., Ferreira, P., Guedes, P.: SPL: An access control language for security policies with complex constraints. In: Network and Distributed System Security Symposium, NDSS 2001 (2001)
Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The ponder policy specification language. In: Sloman, M., Lobo, J., Lupu, E.C. (eds.) POLICY 2001. LNCS, vol. 1995, p. 18. Springer, Heidelberg (2001)
Golbeck, J., Parsia, B., Hendler, J.: Inferring reputation on the Semantic Web (2004), http://www.mindswap.org/papers/GolbeckWWW04.pdf
Gandon, F., Sadeh, N.: A semantic e-wallet to reconcile privacy and context awareness. In: Fensel, D., Sycara, K., Mylopoulos, J. (eds.) ISWC 2003. LNCS, vol. 2870, pp. 385–401. Springer, Heidelberg (2003)
Gil, Y., Ratnakar, V.: Trusting information sources one citizen at a time. In: Horrocks, I., Hendler, J. (eds.) ISWC 2002. LNCS, vol. 2342, p. 162. Springer, Heidelberg (2002)
Atkinson, B., Della-Libera, G., Hada, S., Hondo, M., Hallam-Baker, P., Klein, J., LaMacchia, B., Leach, P., Manferdelli, J., Maruyama, H., Nadalin, A., Nagaratnam, N., Prfullchandra, H., Shewchuk, J., Simon, D.: Web services security, WS-Security (2002), http://www-106.ibm.com/developerworks/webservices/library/ws-secure/
IETF and W3C Working Group: XML encryption (2001), http://www.w3.org/Encryption/2001/
IETF and W3C Working Group: XML signature (2003), http://www.w3.org/Signature/
(SSTC), O.S.S.T.: Security assertion markup language (SAML) - core assertion architecture (2001), http://www.oasis-open.org/committees/security/docs/draft-sstc-core-19.p%df
(Liberty alliance project specifications), http://www.projectliberty.org/specs/
Wu, D., Parsia, B., Sirin, E., Hendler, J., Nau, D.: Automating DAML-S Web services composition using SHOP2. In: Fensel, D., Sycara, K., Mylopoulos, J. (eds.) ISWC 2003 [28]. LNCS, vol. 2870, pp. 195–210. Springer, Heidelberg (2003)
Chen, L., Shadbold, N., Goble, C., Tao, F., Cox, S., Puleston, C., Smart, P.: Towards a knowledge-based approach to semantic service composition. In: Fensel, D., Sycara, K., Mylopoulos, J. (eds.) ISWC 2003 [28]. LNCS, vol. 2870, pp. 319–334. Springer, Heidelberg (2003)
Needham, R., Schroeder, M.: Using encryption for authentication in large networks of computers. Communications of the ACM 21, 993–998 (1978)
Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. Communications of the ACM 28, 637–647 (1985)
Bao, F., Deng, R., Mao, W.: Efficient and practical fair exchange protocols with off-line TTP. In: Proc. 19th IEEE Computer Society Symposium on Research in Securiyt and Privacy, IEEE, Los Alamitos (1998)
Franklin, M.K., Reiter, M.K.: Fair exchange with a semi-trusted third party (extended abstract). In: ACM Conference on Computer and Communications Security, pp. 1–5 (1997)
Datta, A., Derek, A., Mitchell, J., Pavlovic, D.: A derivation system for security protocol and its logical formalization. In: Proc. IEEE Computer Security Foundations Workshop, Asilomar, CA, June 30 -July 2, pp. 109–125 (2003)
Guttman, J., Thayer, F., Carlson, J., Herzog, J., Ramsdell, J., Sniffen, B.: Trust management in strand spaces: A rely-guarantee method. In: European Symposium on Programming (ESOP 2004), Barcelona, Spain, March 29-April 2 (2004)
Fensel, D., Sycara, K., Mylopoulos, J. (eds.): ISWC 2003. LNCS, vol. 2870. Springer, Heidelberg (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Denker, G., Nguyen, S., Ton, A. (2004). OWL-S Semantics of Security Web Services: a Case Study. In: Bussler, C.J., Davies, J., Fensel, D., Studer, R. (eds) The Semantic Web: Research and Applications. ESWS 2004. Lecture Notes in Computer Science, vol 3053. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-25956-5_17
Download citation
DOI: https://doi.org/10.1007/978-3-540-25956-5_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-21999-6
Online ISBN: 978-3-540-25956-5
eBook Packages: Springer Book Archive