Special Offers
- Acquire a Source of Open Access (OA) APC Funding for Your Institution Through
  IGI Global's OA Fee Waiver (Offset Model) Initiative
  For any library that invests in IGI Global's InfoSci-Books and/or InfoSci-Journals databases, IGI Global will match the library’s investment with a fund of equal value to go toward subsidizing the OA APCs for their faculty patrons when their work is submitted/accepted under OA into an IGI Global journal.
  Learn More
- Subscribe to the Latest Research Through IGI Global's InfoSci-OnDemand Plus
  InfoSci®-OnDemand Plus, a subscription-based service, provides researchers the ability to access full-text content from over 100,000+ peer-reviewed book chapters and 25,000+ scholarly journal articles that spans across 350+ topics in 11 core subjects. Users can select articles or chapters that meet their interests and gain access to the full content permanently in their personal online InfoSci-OnDemand Plus library.
  Subscribe
- Purchase the Encyclopedia of Information Science and Technology, Fourth Edition
  and Receive Complimentary E-Books of Previous Editions
  When ordering directly through IGI Global's Online Bookstore, receive the complimentary e-books for the first, second, and third editions with the purchase of the Encyclopedia of Information Science and Technology, Fourth Edition e-book.
  Purchase
- Create a Free IGI Global Library Account to Receive an Additional 5% Discount on All Purchases
  Exclusive benefits include one-click shopping, flexible payment options, free COUNTER 5 reports and MARC records, and a 5% discount on single all titles, as well as the award-winning InfoSci^®-Databases.
  Sign Up Now!
- Receive a 20% Discount on All Publications Purchased Through
  IGI Global’s Online Bookstore
  This discount cannot be combined with any other offer and is only valid when purchasing directly through IGI Global. (Exclusion of select titles and products may apply).
  Browse Publications
Books
Journals
InfoSci^®-Databases
Articles/Chapters
Publish with Us
Resources
- - Instructors
  - Course Adoption
  - Teaching Cases
  - Researchers
  - Browse Books
  - Browse Journals
  - Search Open Access Content
  - Streaming Videos
  - OnDemand Downloads
  - Webinars
  - Authors and Editors
  - eEditorial Discovery^® System
  - Peer Review Process
  - Ethics and Malpractice
  - Fair Use Policy
  - Open Access Publishing
  - Editorial Services
  - FAQ
  - Distributors
  - Distributor Resources
  - Book Distributors
  - Journal Subscription Agencies
  - E-Resource Partners
Catalogs
About Us
Newsroom

Security Policies in Web Services

Deepti Parachuri (Infosys Technologies Limited, India) and Sudeep Mallick (Infosys Technologies Limited, India)

Source Title: Web Services Security Development and Architecture: Theoretical and Practical Issues

DOI: 10.4018/978-1-60566-950-2.ch007

OnDemand PDF Download:

$37.50

Abstract

Security is of fundamental concern in computing systems. This chapter covers the role of security policies in Web services. First, it examines the importance of policies in web services and explains the WS-Policy standard. It also highlights the relation of WS-Policy with other WS-* specifications. Next, it covers different facets of security requirements in SOA implementations. Later, it examines the importance of security policies in web services. It also presents the basic concepts of WS-Security policy language. WS-Security policy specification specifies a standard way to define and publish security requirements in an extensible and interoperable way. A service provider makes use of security policy to publish the security measures implemented to protect the service. Security policies can also be made customizable to meet the security preferences of different consumers. Towards the end, it discusses about the governance of security polices and also future trends in security policies for web services.

Chapter Preview

Top

2. Background On Policies In Web Services

Policies are defined as information which can be used to modify the behavior of a system. There are two reasons for using policies in Web services for developing interoperable business processes. Firstly, policies permit managing Web services at a higher level where details of composition are separated from the behavior of Web services. Secondly, policies help in creating interoperable and adaptive service systems. Policies also address issues like how to deal with Web service unreliability, and how to substitute a Web service with an equivalent one?

There are many ways to associate policies with Web services. A simple scenario for application of policy is “Consumer sends a service request to Provider. If the service request conforms to Provider’s policy for requests, then Provider accepts the request, else it returns a fault status.” This situation exists, for instance, where Provider requires Consumer to assign a unique identifier to its request, in accordance with WS-Reliability. If it receives a request with no suitable identifier, then it will return a fault status. Provider may publish its policy in one or more number of ways, UDDI, WSDL, HTTP, LDAP, DNS or in SQL or SAML request/response messages. Policies can also be included in SOAP headers.

Complete Chapter List

Search this Book:

Reset

MLA

APA

Chicago

Export Reference

Security Policies in Web Services

Abstract

2. Background On Policies In Web Services

Complete Chapter List