Web Service Security Management Using Semantic Web Techniques

The importance of the Web service technology for business, government, among other sectors, is growing. Its use in these sectors demands security concern. The Web Services Security standard is a step towards satisfying this demand. However, in the current security approach, the mechanism used for describing security properties of Web services restricts security policy specification and intersection. In environments that include loosely-coupled components, a rich description of components is needed to determine whether they can interact in a secure manner. The goal of this paper is to propose a security approach for Web services, which combines Web Services Policy Framework policies and a Web Ontology Language ontology to overcome the limitation of the current syntactic approach. The main contribution of this paper is an extended approach based on semantics-enriched security policies.