Providing Web Services Security SLA Guarantees: Issues and Approaches

Vishal Dwivedi (Infosys Technologies Limited, India)
Copyright: © 2009 | Pages: 20
DOI: 10.4018/978-1-60566-042-4.ch013

This chapter underlines the importance of security service level agreements (SLAs) for Web services. As Web services are increasingly incorporated in mainstream enterprises, the need for security has led to various standards. However, unlike nonfunctional requirements such as performance, scalability, and so forth, which are quantitative and are enforced through SLAs, security is represented only through policies. There exist quite a few frameworks for security at different levels of enactment; however, what is clearly missing is an approach to representing security SLAs and enacting them in a Web service environment. In this chapter, we primarily focus on two aspects. We first focus on the security requirements for Web services and the currently available stack of security mechanisms and frameworks for achieving security at various levels of Web service implementation. The second focus is on how these could be utilized to build security SLAs, which could be enforced on Web services. Later in the chapter we suggest a conceptual model to represent these SLA clauses and present an approach to enact them.
Chapter Preview


SLAs have commonly been used to specify nonfunctional requirements, which ascertain the criteria for the correct operation of the system. Typical nonfunctional requirements covered through SLAs today include reliability, scalability, cost, and so forth, most of which are measurable attributes. The need for a Web service security SLA arises from the fact that Web services are designed to be composed from candidate services, the credentials of each of which must be verified for an enterprise-level service orchestration. A security SLA would typically comprise the following quality of service (QoS) attributes:

  • Access Control: Provision of only need-to-know information/privileges.

  • Authorization and Authentication: The prevention of data/information access by invalid users.

  • Availability: The prevention of degradation or interruption as a consequence of failures.

  • Confidentiality: The prevention of unauthorized disclosure of data.

  • Integrity: The prevention of unauthorized modification of data.

There exist quite a few approaches, standards, and frameworks which address the above issues for implementing security for Web services. Security Assertion Markup Language (SAML) is an XML standard designed by OASIS for exchanging authentication and authorization data between service and identity providers. Not only did it provide support for transport-level security (through SSL 3.0 and TLS 1.0), but it also ensured message-level security (using XML Signature and XML Encryption). Later, the Liberty Alliance extended SAML for identity management. Although SAML was used as a de facto industry standard for exchanging authorization information, it was constrained by its declarative limitations and was followed by Extensible Access Control Markup Language (XACML), which provided support for a more declarative access-control policy definition. Later, in 2006, W3C defined WS-Policy as an XML-based standard for the definition and specification of Web services policies (on security, QoS, etc.).

In spite of all these frameworks and standards, security SLAs were never enacted in real life. In this work we discuss the need for security SLAs, some of the current work towards providing security SLA guarantees, and towards the end we suggest our approach for enactment of security SLAs.


Security Requirements For Web Services

Security SLAs would work with typical security attributes that represent the overall set of security QoS requirements of the concerned system. In the case of Web services, while the core security requirements of online systems apply, they need to be aware of the specific requirements of Web services. In this section, we shall cover the basic requirements of Web services security.
