- Sponsor: SIGSAC
It is our great pleasure to welcome you to the 3rd ACM Workshop on Secure Web Services (SWS'06). This workshop, which continues the tradition of the XML Security workshop series, is now a premier forum for presenting research results and experience reports on all research issues related to security, privacy and trust in Web Service architectures, including models, systems, applications, and theory.

Web services are now widely recognized as the standard means of implementing complex business processes, supporting interoperability between diverse software applications. Several specifications for Web services security have been proposed in the last few years, including major aspects of trust negotiation and privacy, access control policy languages and data protection via point-to-point encryption. The richness and diversity of this palette is due to the fact that security is always a balance of assessed risk and effort required by countermeasures; Web service architectures require different security mechanisms, depending upon the underlying infrastructure as well as on the degree and nature of threat or risk.

The mission of the SWS series of workshops is sharing novel ideas and solutions for making security and privacy first class citizens in Web Service architecture design and implementation.

This year's call for papers attracted 26 submissions from all over the world. The program committee accepted 11 full papers that cover a variety of topics, including the next generation privacy and access control models, relationships with business process modeling, engineering techniques for secure message exchange and multimedia support. In addition, the program includes a panel on 'Directions and Trends of XML and Web Service Security'. We hope that these proceedings will serve as a valuable reference for security researchers and developers.
Proceeding Downloads
Role-based access control for data service integration
We describe the implementation of role-based access control in a data service integration system. Users in research or other projects may access a diverse collection of data sources but are to be allowed access to only the part of the data collection that ...
An extended RBAC profile of XACML
Nowadays many organizations use security policies to control access to sensitive resources. Moreover, exchanging or sharing services and resources is essential for these organizations to achieve their business objectives. Since the eXtensible Access ...
A framework for establishing, assessing, and managing trust in inter-organizational relationships
In this paper, we present an efficient, novel framework for establishing, assessing, and managing trust in inter-organizational relationships, in terms of allowable network sharing, that is based on analyzing an invariance property of a computer network ...
Orchestrating fair exchanges between mutually distrustful web services
In this paper, we propose a modular and fully decentralized protocol to orchestrate fair exchanges between mutually distrustful yet collaborating web services. Our motivation roots in the observation that fair exchange is a key problem in settings where ...
Automatic web services composition in trustaware communities
The promise of Web Service Computing is to utilize Web services as fundamental elements for realizing distributed applications/solutions. In particular, when no available service can satisfy client request, (parts of) available services can be composed ...
A comparison of two privacy policy languages: EPAL and XACML
Current regulatory requirements in the U.S. and other countries make it increasingly important for Web Services to be able to enforce and verify their compliance with privacy policies. Structured policy languages can play a major role by supporting ...
Multimedia-based authorization and access control policy specification
Exchanging multimedia objects between wide ranges of distributed applications, web services, and end-users is rapidly increasing in several application domains (medicine, surveillance, e-learning, etc.). In confidential applications, one of the emergent ...
Reasoning with semantics-aware access control policies for geospatial web services
A major obstacle on the way to the successful deployment and operation of Web services on a larger scale is a lack of sophisticated semantics model to represent and communicate the data. To solve the problem, semantics-aware Web services have been ...
Towards secure SOAP message exchange in a SOA
SOAP message exchange is one of the core services required for system integration in Service Oriented Architecture (SOA) environments. One key concern in a SOA is thus to provide Message Level Security (as opposed to point to point security). We observe ...
BPEL orchestration of secure webmail
WebMail proposes to migrate existing SMTP-based mail systems to Web-Services. We show how a verifiably-correct, generic mail service that enables extensions of SMTP-based standard mail use cases that avoids known misuse cases can be specified using WSDL ...
Single sign-on for java web start applications using myproxy
Single sign-on is critical for the usability of distributed systems. While there are several authentication mechanisms which support single sign-on (e.g. Kerberos and X.509), it may be difficult to modify a particular legacy application to utilize an ...
A comprehensive security architecture for dynamic, web service based virtual organizations for businesses
In this paper we propose a security architecture for Virtual Organizations for businesses. The Virtual Organizations we consider are based on web service technology, and are dynamic, i.e. their membership may change frequently throughout its lifetime. ...
A framework of authentication and authorization for e-health services
This article introduces a framework for authentication and authorization in e-health services. It aims to build the architecture for authentication and authorization within an e-health service system. The architecture will help to build a secure and ...
Mutual trust in open environment for cascaded web services
Given an open cascading Web services environment, this paper deals with the following problems: 1) how to compute trust index of a service provider or a service requestor, which is dynamic and is continuously updated to reflect service providers'/...
P3P privacy enhancing agent
Protecting personal privacy information is an inherently difficult problem. Privacy enhancing agents are software agents that help web users to protect their private information by collecting web site P3P [1] information and exchanging knowledge of web ...
- Proceedings of the 3rd ACM workshop on Secure web services