Security oriented service composition: A framework

Abstract

This paper argues that in order to address the challenges of security compatibility checking between the client's software and the service software in a service oriented software environment, the followings have to be achieved: (i) services need to be specified together with their security policies along with importance of stakeholders (users and providers), and (ii) the security compatibility needs to be analyzed in terms of security requirements and capabilities of the interacting systems at the time of service composition. With these objectives in mind, this paper proposes a framework for security compatibility of service consumptions. The framework is based on a method of abstracting security policies using an ontology, and a rule based technique for automatically checking the security compatibility between interacting software systems. 2012 IEEE.