Web Services Policy Generation Based on SLA Requirements

Abstract

The deployment of web services in dynamic environments like cloud infrastructures offers flexible solutions to provide required resources to maintain web services availability and performance during peak demands. However, the lack of control and monitoring tools on the cloud infrastructure exposes the deployed web services to security threats. While there are security solutions that focus on web services, there is no tool to generate security policies documents. Therefore, this paper proposes an SLA (Service Level Agreement) based framework to generate web services policy documents. The framework allows the service provider to define security needs of a web service based on its WSDL (Web Service Description Language) description and generate required policies. The proposed framework is extensible and satisfies three web service security aspects: transport, authentication, and message encryption.