Middleware for Automated Implementation of Security Protocols

Béla Genge and Piroska Haller

“Petru Maior” University of Târgu Mureş, Department of Electrical Engineering, N. Iorga Str., No. 1, (540088) Târgu Mureş, Romania
{bgenge,phaller}@engineering.upm.ro
http://www.upm.ro

Abstract. We propose a middleware for the automated implementation of security protocols for Web services. The proposed middleware consists of two main layers: the communication layer and the service layer. The communication layer is built on the SOAP layer and ensures the implementation of security and service protocols. The service layer provides the discovery of services and the authorization of client applications. In order to provide automated access to the platform services, we propose a novel specification of security protocols, consisting of a sequential component, implemented as a WSDL-S specification, and an ontology component, implemented as an OWL specification. Specifications are generated using a set of rules, where information related to implementation properties, such as cryptographic algorithms or key sizes, is provided by the user. The applicability of the proposed middleware is validated by implementing a video surveillance system.

Keywords: Middleware, Web services, security protocols, automated execution, ontologies.

1 Introduction

In order to ensure security properties such as confidentiality, integrity or availability, Web services use technologies such as the Security Assertions Markup Language [19] (i.e. SAML) or WS-Security [20], providing a unifying solution for the authentication and authorization issues. The security tokens defined by WS-Security have been extended with additional ones and a set of new primitives in WS-Trust [21], allowing inter-domain authentication and authorization. The primitives defined by WS-Trust correspond to security protocols, denoting “communication protocols dedicated to achieving security goals” (C.J.F. Cremers and S. Mauw) [1]. The security protocols defined by WS-Trust consist of request-response messages with flexible message components. Despite its flexibility, WS-Trust does not define the operations that must be executed for each message that is constructed or processed. By defining these operations, services can execute new protocols without relying on predefined protocols.

L. Aroyo et al. (Eds.): ESWC 2009, LNCS 5554, pp. 476–490, 2009.
© Springer-Verlag Berlin Heidelberg 2009