DocumentCode :
2388723
Title :
Negotiated security policies for e-services and Web services
Author :
Yee, George ; Korba, Larry
Author_Institution :
Inst. for Inf. Technol., Nat. Res. Council of Canada, Ottawa, Ont., Canada
fYear :
2005
fDate :
11-15 July 2005
Lastpage :
612
Abstract :
The growth of the Internet has been accompanied by the growth of e-services (e.g. e-commerce, e-health). This proliferation of e-services and the increasing attacks on them by malicious individuals have highlighted the need for e-service security. The security requirements of an e-service may be specified in an e-service security policy. The provider of the e-service is then responsible for implementing the security measures contained in the policy. However, a service consumer may have security preferences that are not reflected in the provider´s e-service security policy (e.g. defense contractors may require higher levels of security). In order for service providers to reach a wider market, a way of customizing a security policy to a particular consumer is needed. We derive the content of an e-service security policy and propose a flexible approach that allows an e-service provider and consumer to negotiate to an agreed-upon e-service security policy. In addition, we examine how our approach may be implemented in a Web services environment and briefly describe the design of our security policy negotiation prototype.
Keywords :
Internet; electronic commerce; security of data; Internet; Web services environment; e-service security policy negotiation; Authentication; Banking; Councils; Information security; Information technology; Medical services; National security; Protection; Web and internet services; Web services;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Web Services, 2005. ICWS 2005. Proceedings. 2005 IEEE International Conference on
Print_ISBN :
0-7695-2409-5
Type :
conf
DOI :
10.1109/ICWS.2005.85
Filename :
1530852
Link To Document :
بازگشت