Paper available here.
Reasons for looking at this paper:
- How they specify their security policies
- Semantics-aware ACP - a new type of policy? Can the CPP express it?
- Sill looking for baseline, and papers that everyone in security references
- Incremental policy buildup, reuse of "security blocks"
- "Distinguishes between two major types of security most prevalent in WS... the first kind deals with general authorization procedures of WS users and subsequent security criteria... the second kind involves organizational protection of data from intruders or clients without access privileges."
- "Not all data housed by the geospatial agencies are considered public in nature. For instance, the data might contain critical information about people, exposure of which would jeopardize their privacy. The problem is exacerbated in a data integration environment because of a lack of coherent security framework. If the trend towards on-the-fly data integration continues, Web services providers would very soon perform complicated services that require embedding or combining geospatial data with other kinds of data."
- "In a very complex policy setting with hundreds of rules with intricate hierarchy of privileges, the reasoning engine will boost the security tremendously by suggesting potential security vulnerabilities in the policy repository."
Referenced papers for security background
- Security whitepaper from Microsoft and IBM about web services security model. [1]
- Web Service Policy Language (WSPL) [6]
- GeoXACML [7] access control language for geo spatial web services
- Semantic languages Rei [9], KAoS [10], Ponder [11].
- OWL-S / DAML
Posts
0 comments:
Post a Comment