Five criteria for web-services security architecture

Addie, R. G. and Colman, Alan (2010) Five criteria for web-services security architecture. In: NSS 2010: 4th International Conference on Network and System Security, 1-3 Sep 2010, Melbourne, Australia.


Five properties of an architecture for secure access to web services are defined and two existing architectures are
evaluated according to these criteria. References to these criteria in the literature and evaluation of the security architectures are tabulated in the conclusion. Policy-sufficiency is defined as the requirement that any meaningful statements can be expressed in policy definitions of the architecture. Protocol neutrality is
the requirement that a protocol exchange which is logically
equivalent to a valid protocol sequence is also valid. Predicateboundedness is the constraint that a fixed, finite set of predicates (or language constructs) will be sufficient for security policy definitions, i.e. the language does not need to be incrementally extended indefinitely. Protocol-closure requires that security
protocols can be combined together arbitrarily to make new
protocols. Finally, processing complexity constrains algorithms for evaluating security rules to be of satisfactory (low) complexity. No existing security architectures recieve a tick for all five of these criteria. The RW architecture is more successful in this
regard than the simpler XACML architecture.

Statistics for USQ ePrint 20531
Statistics for this ePrint Item
Item Type: Conference or Workshop Item (Commonwealth Reporting Category E) (Paper)
Refereed: Yes
Item Status: Live Archive
Additional Information: Permanent restricted access to Published version, due to publisher copyright restrictions.
Faculty / Department / School: Historic - Faculty of Sciences - Department of Maths and Computing
Date Deposited: 03 Feb 2012 06:29
Last Modified: 21 Jul 2014 23:57
Uncontrolled Keywords: finite set; language constructs; processing complexity; security architecture; security policy; security protocols; security rules
Fields of Research : 08 Information and Computing Sciences > 0803 Computer Software > 080302 Computer System Architecture
08 Information and Computing Sciences > 0803 Computer Software > 080303 Computer System Security
08 Information and Computing Sciences > 0805 Distributed Computing > 080505 Web Technologies (excl. Web Search)
Socio-Economic Objective: E Expanding Knowledge > 97 Expanding Knowledge > 970108 Expanding Knowledge in the Information and Computing Sciences
Identification Number or DOI: 10.1109/NSS.2010.100

Actions (login required)

View Item Archive Repository Staff Only