Improving Matching Web Service Security Policy Based on Semantics

Full Text (PDF, 516KB), PP.67-74

Views: 0 Downloads: 0


Amira Abdelatey 1,* Mohamed Elkawkagy 1 Ashraf Elsisi 1 Arabi Keshk 1

1. Faculty of Computers and Information/Computer Science, Menofia University, Egypt

* Corresponding author.


Received: 5 Apr. 2016 / Revised: 13 Jul. 2016 / Accepted: 5 Sep. 2016 / Published: 8 Dec. 2016

Index Terms

Ontology matching, web service, SOA message security, Web service non-functional properties, web service security policy


Nowadays the trends of web is to become a collection of services that interoperate through the Internet. The first step towards this inter-operation is finding services that meet requester requirements; which is called a service discovery. Service discovery matches functional and non-functional properties of the requester with the provider. In this paper, an enhanced matching algorithm of Web Service Security Policy (WS-SP) is proposed to perform requirement-capability matchmaking of a consumer and a provider. Web service security policy specifies the security requirements or capabilities of a web service participant (a provider or a consumer). Security requirement or a capability of a participant is one of the non-functional properties of a web service. The security addressed through this paper is the integrity and the confidentiality of web service SOA message transmitted between participants. The enhanced matching algorithm states simple policy and complex policy cases of the web service security as a non-functional attribute. A generalization matching algorithm is introduced to get the best-matched web service provider from a list of available providers for serving the consumer.

Cite This Paper

Amira Abdelatey, Mohamed Elkawkagy, Ashraf Elsisi, Arabi Keshk, "Improving Matching Web Service Security Policy Based on Semantics", International Journal of Information Technology and Computer Science(IJITCS), Vol.8, No.12, pp.67-74, 2016. DOI:10.5815/ijitcs.2016.12.08


[1]M. P. Papazoglou, "Service-oriented computing: Concepts, characteristics and directions," in Web Information Systems Engineering, 2003. WISE 2003. Proceedings of the Fourth International Conference on, 2003, pp. 3-12.

[2]D. Guinard, V. Trifa, S. Karnouskos, P. Spiess, and D. Savio, "Interacting with the soa-based internet of things: Discovery, query, selection, and on-demand provisioning of web services," Services Computing, IEEE Transactions on, vol. 3, pp. 223-235, 2010.

[3]A. FELLAH, M. Malki, and A. ELÇI, "Web Services Matchmaking Based on a Partial Ontology Alignment," 2016.

[4]E. M. Maximilien and M. P. Singh, "Toward autonomic web services trust and selection," in Proceedings of the 2nd international conference on Service oriented computing, 2004, pp. 212-221.

[5]T. Lavarack and M. Coetzee, "Considering web services security policy compatibility," in Information Security for South Africa (ISSA), 2010, 2010, pp. 1-8.

[6]N. N. Chiplunkar and A. Kumar, "Dynamic Discovery of Web Services using WSDL," International Journal of Information Technology and Computer Science (IJITCS), vol. 6, p. 56, 2014.

[7]L. Seinturier, P. Merle, R. Rouvoy, D. Romero, V. Schiavoni, and J. B. Stefani, "A component‐based middleware platform for reconfigurable service‐oriented architectures," Software: Practice and Experience, vol. 42, pp. 559-583, 2012.

[8]D. Jamil and H. Zaki, "Security issues in cloud computing and countermeasures," International Journal of Engineering Science and Technology (IJEST), vol. 3, pp. 2672-2676, 2011.

[9]S. Weerawarana, F. Curbera, F. Leymann, T. Storey, and D. F. Ferguson, Web services platform architecture: SOAP, WSDL, WS-policy, WS-addressing, WS-BPEL, WS-reliable messaging and more: Prentice Hall PTR, 2005.

[10]A. S. Vedamuthu, D. Orchard, F. Hirsch, M. Hondo, P. Yendluri, T. Boubez, et al., "Web services policy 1.5-framework," W3C Recommendation, vol. 4, pp. 1-41, 2007.

[11]J. De Bruijn, R. Lara, A. Polleres, and D. Fensel, "OWL DL vs. OWL flight: conceptual modeling and reasoning for the semantic Web," in Proceedings of the 14th international conference on World Wide Web, 2005, pp. 623-632.

[12]P. Hallam-Baker, V. M. Hondo, H. Maruyama, M. McIntosh, and I. Nataraj Nagaratnam, "Web Services Security Policy Language (WS-SecurityPolicy)," 2005.

[13]L. Kagal, T. Finin, and A. Joshi, "A policy based approach to security for the semantic web," in International Semantic Web Conference, 2003, pp. 402-418.

[14]J. H. An, Y. Dodis, and T. Rabin, "On the security of joint signature and encryption," in Advances in Cryptology—EUROCRYPT 2002, 2002, pp. 83-107.

[15]C. Adams and D. Pinkas, "Internet X. 509 public key infrastructure time-stamp protocol (TSP)," 2001.

[16]H. V. Chung, Y. Nakamura, and F. Satoh, "Security Policy Validation For Web Services," ed: Google Patents, 2007.

[17]S. Speiser, "Semantic annotations for ws-policy," in Web Services (ICWS), 2010 IEEE International Conference on, 2010, pp. 449-456.

[18]D. Martin, M. Paolucci, S. McIlraith, M. Burstein, D. McDermott, D. McGuinness, et al., "Bringing semantics to web services: The OWL-S approach," in Semantic Web Services and Web Process Composition, ed: Springer, 2005, pp. 26-42.

[19]K. Ono, Y. Nakamura, F. Satoh, and T. Tateishi, "Verifying the consistency of security policies by abstracting into security types," in Web Services, 2007. ICWS 2007. IEEE International Conference on, 2007, pp. 497-504.

[20]T.-D. Cao and N.-B. Tran, "Enhance Matching Web Service Security Policies with Semantic," in Knowledge and Systems Engineering, ed: Springer, 2014, pp. 213-224.

[21]I. Horrocks, P. F. Patel-Schneider, H. Boley, S. Tabet, B. Grosof, and M. Dean, "SWRL: A semantic web rule language combining OWL and RuleML," W3C Member submission, vol. 21, p. 79, 2004.

[22]M. B. Brahim, T. Chaari, M. B. Jemaa, and M. Jmaiel, "Semantic matching of ws-securitypolicy assertions," in Service-Oriented Computing-ICSOC 2011 Workshops, 2012, pp. 114-130.

[23]N. Gruschka and L. L. Iacono, "Vulnerable cloud: Soap message security validation revisited," in Web Services, 2009. ICWS 2009. IEEE International Conference on, 2009, pp. 625-631.

[24]D. Z. G. Garcia and M. B. F. De Toledo, "Ontology-based security policies for supporting the management of web service business processes," in Semantic Computing, 2008 IEEE International Conference on, 2008, pp. 331-338.

[25]M. Ben Brahim, T. Chaari, M. Ben Jemaa, and M. Jmaiel, "Semantic matching of web services security policies," in Risk and Security of Internet and Systems (CRiSIS), 2012 7th International Conference on, 2012, pp. 1-8.

[26]S. Alhazbi, K. M. Khan, and A. Erradi, "Preference-based semantic matching of web service security policies," in 2013 World Congress on Computer and Information Technology (WCCIT), 2013.

[27]K. Lawrence, C. Kaler, A. Nadalin, M. Goodner, M. Gudgin, A. Barbir, et al., "WS-SecurityPolicy 1.3," OASIS Standard, February, pp. 41-44, 2009.