A Web Services Security Policy Description Model

Abstract

With the rapid development of web services technology, the security policies defined in WS-SecurityPolicy are widely used for expressing security properties, capabilities, constraints and requirements of web services. It is well-known that security policies are crucial in the negotiation phase of service discovery and selection. However, such security policies are hard to understand and extremely error-prone, due to the complexity of the WS-SecurityPolicy specification. At the same time, because the WS-SecurityPolicy is described by natural language, there have ambiguity problem. These problem seriously hindered the development of web services policy. Therefore, this paper proposes a web services security policy description model to describe accurately and clearly security policies. The security policy model employs the formal modeling method to convert the policy assertions into the security rules.