A FRAMEWORK FOR WEB SERVICES SECURITY POLICY NEGOTIATION

In today’s business environment, the use of web services technology is becoming more popular. This growth has been met with an increase of security related attacks, which has caused web services providers to adopt stricter security policies. As not all web service consumers can implement the security requirements of web services providers, they may turn to use the services of other providers. In order to address this problem, this paper introduces a framework for a web services security policy negotiation system that web services consumers and providers can use to negotiate a customised security contract. The framework is defined over current web services technology, to be used by business-to-business (B2B) web services collaborations. The inflexibility of current security policy specification languages for negotiation is overcome, by incorporating human intuitiveness supported by an intelligent negotiation support system