The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)
Center for Education and Research in Information Assurance and Security

Security for Web Services - Standards and Research Issues

Download

Download PDF Document
PDF

Author

L. D. Martino, E. Bertino

Tech report number

CERIAS TR 2006-34

Entry type

article

Abstract

This paper identifies the main security requirements for Web services and it describes how such security requirements are ad- dressed by standards for Web services security recently developed or under development by various standardizations bodies. Standards are reviewed according to a conceptual framework that groups them by the main functionalities they provide. Standards that are covered include most of the standards encompassed by the WSS roadmap [2]; the Secu- rity Assertion Markup Language -SAML-, WS-Policy, XACML, that is related to access control and has been recently extended with a profile for Web services access control; XKMS and WS-Trust; WS-Federation, LibertyAlliance and Shibboleth, that address the important problem of identity management in federated organizations. Finally, issues related to the use of the standards are discussed and open research issues in the area of access control for Web services and innovative digital identity management techniques are outlined.

Download

PDF

Key alpha

L. D. Martino

School

Department of Computer Technology, Department of CS

Affiliation

Purdue University

Publication Date

2001-01-01

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.