Open Security Framework for Unleashing Semantic Web Services

Ty Mey Eap (Simon Fraser University, Canada), Marek Hatala (Simon Fraser University, Canada), Dragan Gaševic (Athabasca University, Canada), Nima Kaviani (University of British Columbia, Canada) and Ratko Spasojevic (TELUS Security Solutions, Canada)
Copyright: © 2009 | Pages: 22
DOI: 10.4018/978-1-60566-042-4.ch012

The lack of intrinsic and user control in the identity management of today's Internet security hampers research in the area of the Semantic Web and service-oriented architectures. Semantic Web research seeks to develop expert Web services that are compositions of specialized Web services from multiple organizations. To unleash these emergent Web services, we propose an open security framework that is based on the concept of personal identity management. Despite the resistance from today's Internet security, which is dominated by domain-centric identity management, we believe that when all the alternatives are exhausted, the industry will come to the conclusion that personal identity management is the only approach that provides true user-centric identity management and gives users control over the management of their identities.
Chapter Preview


The service-oriented architecture (SOA) framework features reusability, loose coupling, abstraction, and discoverability. These features are essential for model-driven engineering and provide a strong foundation for Semantic Web services; SOA is a design philosophy that pushes the boundaries of traditional design to offer highly qualified Web services. Services have the intelligence to trigger a chain of events and to collaborate with other services. In the SOA paradigm, a Web service can be a composition of multiple services located across multiple networks, each of which can have different security settings and authentication requirements. Some services are composed dynamically on the fly, based on the availability and the accessibility of services within the composition framework (Cotroneo, Graziano, & Russo, 2004). Moreover, services can use different authentication systems that require user identities other than that of the user who invokes the composite service.

Consider a company providing a risk assessment service to companies in the transportation business. To assess the risk, this expert service needs the driving and health records of the employees, as well as vehicle maintenance reports, accident reports, and so forth from a number of outsourcing companies. The risk service needs to collaborate with many services, and access to these services may require different sets of user credentials. However, the current Internet security infrastructure cannot support such context-rich Web services. Currently, there is no mechanism for a risk assessment service to access employees' personal information. The employees must retrieve their records from the healthcare and driver license services and make the records available to the risk assessment service. Outsourcing companies must do the same for their accident and maintenance reports. The procedure is costly, and at best, companies can conduct their risk assessment once a year.

This short scenario demonstrates the need for a new design of the Internet security framework that allows services to collaborate with each other while strengthening the protection of privacy. The risk assessment service is the type of service that future Internet users expect from Internet technology, and it is a typical expert service that can improve the quality of Web services.

Traditional Internet security is designed for standalone systems. In recent years, the growing number of online services has changed the requirements of Internet security and forced the industry to develop new security infrastructures to respond to this challenge. In the context of a federation, single sign-on (SSO) was developed to allow users to access multiple services using a single login. However, the SSO framework relies on user interaction to perform the authentication and on user vigilance to make sure that the Web sites they access and the authenticating sites are legitimate. Unlike Web applications, Web services act on behalf of a user. The SOA must lay out the whole security framework and ensure that all services are secured, and security policies must be in place to allow services to collaborate safely with each other. Since access to the services within a composition requires different sets of credentials, SOA security must be able to obtain user consent dynamically at runtime.

Complete Chapter List

Table of Contents
Torbjørn Skramstad
Khaled M. Khan
Khaled M. Khan

Chapter 1: The Development, Testing, and Deployment of a Web Services Infrastructure for Distributed Healthcare Delivery, Research, and Training
Ghita Kouadri Mostefaoui
The ultimate effectiveness in terms of quality achievements should be a key concern of systems built from Web services. To this end, in this chapter...

Chapter 2: Multi-Tier Framework for Management of Web Services' Quality
Abdelghani Benharref, Mohamed Adel Serhani, Mohamed Salem, Rachida Dssouli
Web services are a new breed of applications that endorse large support from main vendors from industry as well as academia. As the Web services...

Chapter 3: Quality Models for Multimedia Delivery in a Services Oriented Architecture
Krishna Ratakonda
In this chapter we present an overview of research and development efforts across several different technical communities aimed at enabling...

Chapter 4: Virtual Web Services: Extension Architecture to Alleviate Open Problems in Web Services Technology
Julio Fernández Vilas
Several open issues in Web services architecture are being solved by using different kinds of solutions. Standard high-availability techniques based...

Chapter 5: Profiling of Web Services to Measure and Verify their Non-Functional Properties
Witold Abramowicz
The following chapter focuses on the problem of the proper definition of non-functional properties and methods that may be applied in order to...

Chapter 6: Enhancing the Web Service Description and Discovery Processes with QoS
Kyriakos Kritikos
As the Web service (WS) paradigm gains popularity for its promise to transform the way business is conducted, the number of deployed WSs grows with...

Chapter 7: Web Services Dependability
Michael C. Jaeger, Matthias Werner
This chapter presents the definition of relevant terminology and a conceptual model of the basic terms. The chapter starts with the presentation of...

Chapter 8: Transactional Composite Applications
Frederic Montagut, Refik Molva, Silvan Tecumseh Golega
Composite applications leveraging the functionalities offered by Web services are today the underpinnings of enterprise computing. However, current...

Chapter 9: A Logic Programming Based Framework for Intelligent Web Service Composition
Enrico Pontelli, Tran Cao Son, Chitta Baral
This chapter presents a comprehensive logic programming framework designed to support intelligent composition of Web services. The underlying model...

Chapter 10: Enhancing the Testability of Web Services
Daniel Brenner, Barbara Paech, Matthias Merdes, Rainer Malaka
For the foreseeable future, testing will remain the mainstay of software quality assurance and measurement in all areas of software development...

Chapter 11: Aspect-Oriented Framework for Web Services (AoF4WS): Introduction and Two Example Case Studies
Ghita Kouadri Mostefaoui, Zakaria Maamar, Nanjangud C. Narendra
This chapter presents our research initiative known as aspect-oriented framework for Web services (AoF4WS). This initiative looks into the role of...

Chapter 12: Open Security Framework for Unleashing Semantic Web Services
Ty Mey Eap, Marek Hatala, Dragan Gaševic, Nima Kaviani, Ratko Spasojevic
The lack of intrinsic and user control in the identity management of today Internet security hampers the research in the area of Semantic Web and...

Chapter 13: Providing Web Services Security SLA Guarantees: Issues and Approaches
Vishal Dwivedi
This chapter underlines the importance of security service level agreements (SLAs) for Web services. As Web services are increasingly incorporated...

Chapter 14: Adoption of Web Services in Digital Libraries: An Exploratory Study
Fatih Oguz
This chapter describes a research study with an objective to explore and describe decision factors related to technology adoption. The study...

Chapter 15: Service Evolution and Maintainability
Bijoy Majumdar
Change is the only constant, and this concept holds good for services too. Service maintenance is the most tedious and longest phase of service...

Chapter 16: The Role of Web Services: A Balance Scorecard Perspective
Pauline Ratnasingam
This chapter aims to examine the extent of Web services usage and quality, applying the balanced scorecard methodology in a small business firm as...

About the Contributors