Model-Driven Security is a framework to configure WS-Security easily. It generates a security policy written in WS-SecurityPolicy to be transformed into platform-specific configuration files. Since the WS-SecurityPolicy specification is quite complicated, it is difficult to directly map between a security policy and a configuration. We propose a generic security policy transformation framework using an intermediate model. The intermediate model structure is designed based on the WS-Security message structure, because both a security policy and the configuration files correspond to one WS-Security message, even though the WS-SecurityPolicy is flexible in specifying security requirements. Our contributions are simpler transformation rules compared to direct mapping, the support for various platforms, and more flexible updates if the WS-SecurityPolicy specification changes. We demonstrate the transformation using the intermediate model for WebSphere Application Server 6.0.