C. Weber, S. Seshadri, and F. Khan (USA)
Software Security, Web Services, and Standardization
We describe the use of emerging open specifications
based on policy to enhance XML Web Services to build a
secure system for the Ohio State University medical
center. The ease of maintenance of this real time system is
enhanced because declarative security policy enables us
to separate security assertions and claims from the
business logic. Specifically we use the Web Services
Enhancements 2.0 implementation of WS-Policy, WS
Trust and WS-SecureConversation open specifications.
We describe how using this off the shelf implementation
of open specifications has significantly increased the
maintainability of the system and also drastically
decreased the effort required to build it.