Title :
Managing security policy in a large distributed Web services environment
Author :
Chang, Symon ; Chen, Qiming ; Hsu, Meichun
Author_Institution :
Commerce One Inc., Pleasanton, CA, USA
Abstract :
Effectively managing security policies in a large distributed Web Services environment is the key to secure e-business transactions. Security policy must ensure the end-to-end agreement for many-to-many interoperation; ensure the versioning interoperability and privacy of collaborating partners; and ensure the dynamic establishment of security policies because any statically defined security policy tends to be unsecured after a certain period of time. The traditional security policy configuration mechanisms, either the local configuration mechanism or the centralized configuration mechanism, cannot fully meet the above requirements. In this paper we describe a solution for managing security policies in a collaborative Web Services environment. This solution is based on ebXML CPP/CPA model and uses Interoperability Contract Document (ICD). It allows the collaboration parties to establish security policy dynamically for each individual interoperation; makes the selected policy confidential; and addresses the software, message, and policy versioning and interoperability issues. Our experience reveals the advantages of this approach over others.
Keywords :
Internet; XML; data privacy; electronic commerce; open systems; security of data; ICD; Interoperability Contract Document; centralized configuration; distributed Web services; e-business transactions security; ebXML CPP/CPA model; end-to-end agreement; local configuration; many-to-many interoperation; security policy configuration; security policy management; static security policy; versioning interoperability; Business; Collaboration; Collaborative software; Contracts; Electronic commerce; Environmental management; Privacy; Security; Web and internet services; Web services;
Conference_Titel :
Computer Software and Applications Conference, 2003. COMPSAC 2003. Proceedings. 27th Annual International
Print_ISBN :
0-7695-2020-0
DOI :
10.1109/CMPSAC.2003.1245404