An Ontology-Based Security Policy Description Framework For Web Services

The Service-Oriented Architecture (SOA) is gaining more attention with the advent of various networked services on the Web. Web Service is a new application model for decentralized computing and facilitates the interaction and integrity of heterogeneous platforms. The Web Services infrastructure is the combination of three technical standards: SOAP, WSDL, and UDDI, which represent communication protocols, service descriptions, and service discovery respectively. Though those standards are coming to maturity, security is a crucial requirement for the large-scale usage and adoption of Web Services technology.Web Services security problems can be divided into three levels of security: Network Transport Security, SOAP Message Security, and Application-level Security. With the maturity of network security and SOAP message security technologies, more efforts are made to deal with the issues of application-level security, which means security policy design and employment.Based on an analysis of Web Services security policy and an investigation of the exiting policy description languages, this thesis presents PROSPECTOR, an ontology based security policy description framework for Web Services. Two important aspects of Web Services security policy, access control and privacy, are considered in PROSPECTOR, and the possibility of strengthening the PROSPECTOR with rule-supplemented approach is also discussed. Finally a PROSPECTOR engine is provided to enforce access control for Web Services.