Databases Reference
In-Depth Information
The challenge for security researchers is how does one integrate the infor-
mation securely? For example, in [30, 31, 32] the schema integration work of
Sheth and Larson was extended for security policies. That is, different sites
have security policies and these policies have to be integrated to provide a
policy for the federated database system. One needs to examine these issues
for the semantic web. Each node on the web may have its own policy. Is it
feasible to have a common policy for a community on the web? Do we need a
tight integration of the policies or do we focus on dynamic policy integration?
How can ontologies play a role in secure information integration? How do we
provide access control for ontologies? Should ontologies specify the security
policies? How do we minimize the trust placed on information integrators on
the web? We have posed several questions. We need a research program to
address many of these challenges.
5 Summary and Directions
This paper has provided an overview of web services security and semantic
web security including a discussion of the various security standards. We first
discussed security issues for web services and then discussed secure semantic
web. Finally, we discussed integrating security, web services and semantic web
technologies to develop secure semantic web services.
Web services are the services that are invoked to carry out activities on
the web. A collection of web services comprise the service oriented architec-
ture. We also discussed aspects of XACML, SAML and Shibboleth, which are
related to secure web services. We argued that security must cut across all
the layers. Next we provided some more details on securing the semantic web
including XML security and RDF security. If the semantic web is to be secure
we need all of its components to be secure. Next we discussed privacy and
trust for the semantic web.
Web services and service oriented architectures are at the heart of the
next generation web. They make use of semantic web technologies to generate
machine understandable web pages. This is one of the major developments
in the late 1990s and early 2000s. While there are numerous developments
on web services, the application of semantic web technologies and securing
the web services are major challenges. Furthermore, major initiatives such as
the global information gird and the network centric enterprise services are
based on web services and service oriented architectures. Therefore securing
these technologies as well as making web services more intelligent by using
the semantic web will be critical for the next generation web.
