Generic Security Policy Transformation Framework for WS-Security

Abstract

Model-driven security is a framework to configure WS-security easily. It generates a security policy written in WS-security policy to be transformed into platform-specific configuration files. Since the WS-security policy specification is quite complicated, it is difficult to directly map between a security policy and a configuration. We propose a generic security policy transformation framework using an intermediate model. The intermediate model structure is designed based on the WS-security message structure, because both a security policy and the configuration files correspond to one WS-security message, even though the WS-security policy is flexible in specifying security requirements. Our contributions are simpler transformation rules compared to direct mapping, the support for various platforms, and more flexible updates if the WS-security policy specification changes. We demonstrate the transformation using the intermediate model for WebSphere application server 6.0.