2006 IEEE Web Services Security Symposium
Author
IEEE Web Services Security Symposium
Tech report number
CERIAS TR 2006-23
Abstract
The 2006 IEEE Workshop on Web Services Security was held
May 21, 2006, in Oakland, California, USA. The workshop provided a forum for the presentation, discussion, and dissemination of new results on security challenges presented by the Web Services. It was organized in conjunction with the 2006 IEEE Symposium on Security and Privacy.
The program committee selected 6 papers for inclusion into the proceedings. Each submission was reviewed by at least 3 members of the Program Committee. The Program Committee meeting was held electronically. We would like to thank all the authors for submitting to WSSS.
The one day workshop comprised of
presentations, followed by discussions of the accepted papers. In addition to the research program, the workshop featured 2 invited
talks and panel discussion.
Booktitle
IEEE WSSS Proceedings
Note
PAPERS IN THE TECHNICAL REPORT:
1. AMPol: Adaptive Messaging Policy, Raja N. Afandi, Jianqing Zhang,
Munawar Haz, and Carl A. Gunter. University of Illinois at Urbana-
Champaign, USA.
2. Enhancing Privacy in Identity Federation Anonymous Credentials Ensure Unlinkability in WS-Security, Jan Camenisch, Thomas Gross, and Dieter Sommer. IBM Zurich Research Laboratory, Switzerland.
3. Semantic-Aware Data Protection in Web Services, Csilla Farkas1,
Amit Jain1, Duminda Wijesekera2, Anoop Singhal3, and Bhavani
Thuraisingham4. 1 University of South Carolina, 2 George Mason Uni-
versity, 3 National Institute of Standards and Technology, 4 University of Texas at Dallas, USA.
4. Authorization Strategies for Virtualized Environments in Grid Computing Systems, Xinming Ou, Anna Squicciarini, Sebastien Goasguen, and
Elisa Bertino. Purdue University, USA.
5. Security Mechanisms for Data Intensive Systems, Periorellis P., Wu J., and Watson P. University of Newcastle Upon Tyne, UK.
6. SAML Artifact Information Flow Revisited, Thomas Gross and Birgit
Pfitzmann. IBM Zurich Research Laboratory, Switzerland.
Publisher
CERIAS TECH REPORT
Publication Date
2006-05-21
Contents
INDEX OF PAPERS IN THE TECHNICAL REPORT:
1. AMPol: Adaptive Messaging Policy, Raja N. Afandi, Jianqing Zhang,
Munawar Haz, and Carl A. Gunter. University of Illinois at Urbana-
Champaign, USA.
2. Enhancing Privacy in Identity Federation Anonymous Credentials Ensure Unlinkability in WS-Security, Jan Camenisch, Thomas Gross, and Dieter Sommer. IBM Zurich Research Laboratory, Switzerland.
3. Semantic-Aware Data Protection in Web Services, Csilla Farkas1,
Amit Jain1, Duminda Wijesekera2, Anoop Singhal3, and Bhavani
Thuraisingham4. 1 University of South Carolina, 2 George Mason Uni-
versity, 3 National Institute of Standards and Technology, 4 University of Texas at Dallas, USA.
4. Authorization Strategies for Virtualized Environments in Grid Computing Systems, Xinming Ou, Anna Squicciarini, Sebastien Goasguen, and
Elisa Bertino. Purdue University, USA.
5. Security Mechanisms for Data Intensive Systems, Periorellis P., Wu J., and Watson P. University of Newcastle Upon Tyne, UK.
6. SAML Artifact Information Flow Revisited, Thomas Gross and Birgit
Pfitzmann. IBM Zurich Research Laboratory, Switzerland.
Location
A hard-copy of this is in REC 216
Subject
Web Services Security:
The advance of Web Services technologies promises to have far reaching effects on the Internet and enterprise networks. Web services based on eXtensible Markup Language (XML), Simple Object Access Protocol (SOAP) and related open standards in the area of Service Oriented Architectures (SOA) allow data and applications to interact without human intervention through dynamic and adhoc connections. However, the security challenges presented by the Web Services approach are formidable. Many of the features that make Web Services attractive are at odds with traditional security models and controls. This workshop will explore the challenges in the area of Web Services Security ranging from security issues in XML, SOAP and UDDI to higher level issues such as advanced metadata, general security policies and service assurance.
Topics of interest included in the symposium were as follows:
* Web services and GRID computing security
* Authentication and authorization
* Integrity and transaction management for Web Services
* Use of Web Services in Trusted Computing Platform
* Semantic aware Web Services security
* Privacy and digital identity
* Trust negotiation for Web Services
* Secure web service composition and workflows