Generic security policy transformation framework for WS-security

Abstract

Model-Driven Security is a framework to configure WS-Security easily. It generates a security policy written in WS-SecurityPolicy to be transformed into platform-specific configuration files. Since the WS-SecurityPolicy specification is quite complicated, it is difficult to directly map between a security policy and a configuration. We propose a generic security policy transformation framework using an intermediate model. The intermediate model structure is designed based on the WS-Security message structure, because both a security policy and the configuration files correspond to one WS-Security message, even though the WS-SecurityPolicy is flexible in specifying security requirements. Our contributions are simpler transformation rules compared to direct mapping, the support for various platforms, and more flexible updates if the WS-SecurityPolicy specification changes. We demonstrate the transformation using the intermediate model for WebSphere Application Server 6.0. © 2007 IEEE.