=Paper=
{{Paper
|id=None
|storemode=property
|title=A new approach for WS-Policy Intersection using Partial Ordered Sets
|pdfUrl=https://ceur-ws.org/Vol-1029/paper9.pdf
|volume=Vol-1029
|dblpUrl=https://dblp.org/rec/conf/zeus/ElsafieMS13
}}
==A new approach for WS-Policy Intersection using Partial Ordered Sets==
https://ceur-ws.org/Vol-1029/paper9.pdf
A new approach for WS-Policy Intersection
using Partial Ordered Sets
Abeer Elsafie, Christian Mainka, and Jörg Schwenk
Horst Görtz Institute for IT-Security, Ruhr-University Bochum, Germany
{abeer.elsafie, christian.mainka, joerg.schwenk}@rub.de
Abstract. WS-Policy is a framework that can be used to describe as-
sertions for web services message exchange. In the context of Service
Oriented Architectures and Clouds, where web services are belonging to,
machine-to-machine communication is one of its core ideas. When those
machines try to apply WS-Policy, mainly two events can occur: First,
the machine-exchanged policies have common assertions – there is an
intersection. Second, there is no direct intersection and the participants
must reach an agreement by minimal adjustments to the policies. This
paper introduces a new approach for reaching intersection by computing
adjustments to the policies using partial ordering.
Keywords: WS-Policy Intersection, Partial Ordered Sets, Hasse Diagram
1 Introduction
In the field of web services, requirements and capabilities can be described using
XML according to the WS-Policy specification [1]. The policies can be applied
to the web services message exchange, which is commonly machine-to-machine
communication with multiple participants, for assuring security goals. This leads
to the need for WS-Policy intersection, a technique used when two or more
web services want to communicate and fulfill each others policy. Currently, this
approach can only handle the case that intersection within the participating
policies exists [2]. Otherwise it fails and the further communication cannot be
achieved.
Hence, our motivation is to find a way to make intersection possible even in
the case that there is no direct intersection by adjusting one or both party’s policy,
e.g. by adding some policy aspects. This is achieved by a multi-layer approach:
First, every WS-Policy, which can be seen as a set of Boolean terms, is converted
into its disjunctive normal form (DN F), so that policies are easy to compare
and finding matching terms is simple. In the case that there is a match, the
decision for the participants is obviously done. If there is no direct intersection,
this paper introduces a model for an arbitrary number of parties, that computes
these adjustments using partial order sets to enforce policy intersection for all
participants.
�2 Foundations
2.1 WS-Policy and Policy Intersection
WS-Policy is a framework for describing policies using XML [3,1]. In the context
of web services, it is commonly used to specify which parts of a message should
be signed or encrypted using WS-SecurityPolicy [4]. The structure of a WS-Policy
can be seen as a Boolean term, but written in XML. It consists of an enveloping
element which can contain arbitrary AND (element: ) and XOR
(element: ) expressions. For each term, there exists a disjunktive
normal form (DN F). It is an XOR-junction of propositions derived from the
compact form using boolean algebra [5]. Consider the following example, which
does not use any XML for simplicity:
DN F
A1 ∧ (A2 ⊕ A3 ) = A1 ∧ A2 ⊕ A1 ∧ A3
| {z } | {z }
Alternative 1 Alternative 1
From the DN F, one can easily see the policy alternative: They are a bundle
of assertions which must be fulfilled.
The WS-Policy Intersection process identifies compatible policy alternatives
included in all parties policies or returns nothing if there are no matches [6]. Two
alternatives are compatible, if the sets of included assertions are identical.
2.2 Ordered Sets and Hasse Diagrams
A partially ordered set (poset) is a mathematic tool generalizing the concept
of arranging and ordering elements. In a poset, there exists a relation between
pairs of elements, e.g. the ”≤”-relation, so that the elements can be compared.
When this relation exists for each possible pair, then the poset is called a chain
(or total ordered set). In addition a poset in which no two distinct elements are
comparable is called antichain.
A Lattice is an ordered set where every pair of elements has a least upper
bound (LUB) and a greatest lower bound (GLB). In our approach we assume that
the posets are all Lattices.
A Hasse or Lattice diagram is a visualization of the finite poset in the form
of a drawing, in which nodes are elements of the poset and arrows between
related nodes represent the order relation between these elements [7,8]. In the
next section we introduce an example providing a detailed overview of the usage
of Hasse diagram.
3 WS-Policy Intersection Model
The evaluation of WS-Policy Intersection consists of two main layers as shown in
Figure 1:
The preparation layer is responsible for converting each policy into its corre-
sponding DN F. This is achieved either manually or using an software-tool [9] and
� Policy1 Preparation Evaluation
Policy2 Generate DN F Bound Extract
No
..
.
Result
Policyn Intersection? Decide
Yes
Fig. 1. Evaluating WS-Policy Intersection Model.
is outside the scope of this research. Afterwards, the policy intersection examina-
tion unit compares the DN F policies and forwards the results to the evaluation
layer. If there is intersection, which means compatible alternatives exist, they
are directly forwarded to the decision making unit, which chooses the strongest
alternative. In the case of no intersection, the bound extraction unit takes part.
It first identifies all ordered sets, which can be chains like AES128 < AES256 or
anti-chains which cannot be compared, e.g. SignHeader and SignBody . Afterwards,
all sets are combined to one Hasse diagram as shown in Figure 2.
{AES256 , SignHeader+Body }
{AES256 , SignHeader } LUB {AES128 , SignHeader+Body } {AES256 , SignBody }
A1P1 {AES128 , SignHeader } {AES256 } {AES128 , SignBody } A1P2
{SignHeader } GLB {AES128 } {SignBody }
∅
Fig. 2. Signed Part and cryptographic suite combined into one Hasse diagram.
Consider the two policies P1 and P2 , having the alternatives A1P1 and A1P2 as
shown. Obviously, they are not compatible. Using the Hasse diagram, the least
upper bound (LUB) and the greatest lower bound (GLB) can be easily extracted.
In general if we consider that the posets used are all lattices, where each two
elements have a LUB/GLB, then we can easily use the meet and join for finding
these bounds [8]. Finally the bounds are forwarded to the decision unit, which
has to decide if the GLB or either the LUB should be used.
Note that building the DN F can drastically increase the size of each policy and
thus, building the Hasse diagram might lead to a very large model. Nevertheless,
the authors believe to the best of their knowledge that this approach will hold
for real examples. We stress that a real implementation and evaluation is needed
to prove this.
4 Related Work
Researchers in [10] investigated a mechanism for calculating compatibility of
alternatives. An approach for comparing policies and checking compatibility
�between alternatives in terms of its assertions to reach intersection is shown
in [11] and [12]. Policy reconciliation algorithm, a technique to reach policy
agreement between two party communication, is introduced in [13]. Another
research using a web ontology language (OWL-DL) is based on the idea that
policy assertions and alternatives are mapped in to program classes using OWL
to measure compatibility [6]. Our research focuses on how to examine intersection
and find solution for policy agreement by means of partial ordering.
5 Conclusions and Future Work
This paper presents a model for WS-Policy Intersection using Partial ordered
sets. It is the first solution which is able to (1) handle more than two parties and
(2) makes proposals for the case that the policies are not directly compatible.
For future work we plan to investigate a real protocol for multi-party negotia-
tion which is applied to the needs and capabilities of a Web services. Additionally,
we will add an implementation to show the practical usability.
References
1. W3C Recommendation, “Web Service Policy 1.5 - Framework,” http://www.w3.
org/TR/ws-policy/, Sep. 2007.
2. ——, “Web Service Policy Intersection,” http://www.w3.org/TR/ws-policy/, Sep.
2007.
3. ——, “Web Service Policy 1.5 - Primer,” http://www.w3.org/TR/ws-policy-primer/,
Nov. 2007.
4. OASIS Standard, “Web Service Security Policy,” http://docs.oasis-open.org/ws-sx/
ws-securitypolicy/, Feb. 2009.
5. J. Eldon Whitesitt, Boolean algebra and its applications. Courier Dover, 1995.
6. V. Kolovski, B. Parsia, Y. Katz, and J. Hendler, “Representing Web Service Policies
in OWL-DL,” in In International Semantic Web Conference (ISWC). Springer,
Nov. 2005, pp. 461 – 475.
7. W. Strunk, Jr. and E. B. White, Order Relation, 3rd ed. Macmillan, 1979.
8. M.-C. van Leunen, Partial order. Knopf, 1979.
9. T. A. S. F. Group, “The Apache Software Foundation,” https://ws.apache.org/
neethi/, Jul. 2012.
10. T. Lavarack and M. Coetzee, “Considering Web Services Security Policy Compati-
bility,” in The 9th Annual Information Security for South Africa Conference, (ISSA
2010). IEEE Press, Aug. 2010, pp. 1 – 8.
11. B. Hollunder, “Domain-Specific Processing of Policies or: WS-Policy Intersection
Revisited,” in IEEE 7th International Conference on Web Service (ICWS2009).
IEEE Press, Jul. 2009, pp. 246 – 253.
12. S. Hudert, T. Eymann, H. Ludwig, and G. Wirtz, “A Negotiation Protocol De-
scription Language for Automated Service Level Agreement Negotiations ,” in
Commerce and Enterprise Computing, 2009. CEC ’09. . IEEE Press, Aug 2009,
pp. 162 – 169.
13. A. P. P McDaniel, “Methods and limitations of Security Policy Reconciliation,” in
2002 IEEE Symposium on Security and Privacy. IEEE Press, May 2002, pp. 73 –
87.
�