Fig 11 - uploaded by Tamilarasi Karuppiah
Content may be subject to copyright.
Source publication
Web Services standard has been broadly acknowledged by industries and academic researches along with the progress of web technology and e-business. Increasing number of web applications have been bundled as web services that can be published, positioned and invoked across the web. The importance of the issues regarding their publication and innovat...
Citations
... Thus, the violation of privacy can be realized. Privacy plays a key role in a Web services composition security [27,28,29,30,31,32,33]. Generally, privacy is defined as the right of an entity to determine when, how, and to what extend it will release private information. ...
... However, we note that although the conventional UDDI registry, based on a monolithic architecture which has limitations and shortcomings, is certainly a bit outdated, it is not completely obsolete if we refer to the number of research works that are appeared during the last decade in the literature [6,29,48,49,88,89]. Furthermore, at a lower level, the conventional UDDI registry 8 [2,29,72] gave a new dimension to a cooperation between different companies. ...
... However, we note that although the conventional UDDI registry, based on a monolithic architecture which has limitations and shortcomings, is certainly a bit outdated, it is not completely obsolete if we refer to the number of research works that are appeared during the last decade in the literature [6,29,48,49,88,89]. Furthermore, at a lower level, the conventional UDDI registry 8 [2,29,72] gave a new dimension to a cooperation between different companies. ...
Proliferation of Web services based applications, collaboration and interoperability between companies, extremely heterogenous policies of security, and, more generally, reply attacks over Internet are major challenges in the design of security infrastructures for Web services. In this paper, we focus our study on authentication of composite Web services. Authentication is certainly at the heart of any secure system. Thus, we propose a distributed model of authentication based on the circle of trust concept for composite Web services. This model has several functionalities: First, it ensures authentication for arbitrary composite Web services over Internet. Second, it can process across and beyond domain authentication boundaries. Third, it takes over the conflicts of security policies using the concept of Web Single Sign On (SSO) and client's profile using ontologies. Furthermore, the proposed model is scalable and dynamic because it is designed in a fully distributed manner, there are no central points and it evolves over time. An implementation of a prototype and a simulation design demonstrate that a strong security can be achieved for both the client and the composite Web service through the combination of a dynamic and collaborative trust model with a number of enhancements: (i) a combined encryption technique, (ii) a distributed authority of certificates, and (iii) semantic annotations.
=== The published version, in the journal "Computers & Security", can be downloaded at: http://www.sciencedirect.com/science/article/pii/S0167404817301153 ===
