Nowadays, academic as well as industrial communities focus one part of their research and development activities around Web services technology. It seems to be a promising basis to provide a solution for inter-operability between heterogeneous environments. Web services are, usually syntactically, described with standards like (UDDI, SOAP, and WSDL). To control and secure the access to Web services recorded in various distributed data sources became during these years a challenge. Nowadays, there is not yet a defined architecture to access control when Web services are composed into a complex and virtual application. The Web services composition is the ability to provide a new functionality obtained from a combination of several Web services offered by various providers. The access control is a security policy which defines the rules of using resources in order to ensure the confidentiality (the data neither available, nor revealed to the entities unauthorized), integrity (data neither modified, nor changed during) and the availability of the data (data is accessible). A security policy must identify the objects containing sensitive information (data to access to the resources and subjects). In this paper, we propose a flexible security mechanism to virtual and semantic Web services which in one hand, it ensures the protection of Web services against unauthorized accesses, and in another hand, it resolves few conflicts which can occur when a client submits a composite request of access. We introduce a mixed mechanism which is based on XML language, semantic annotations of access rights, the controlled hierarchy of the authorisations, different degrees of sensitivity of an information and a set of access modes in order to reinforce the security of the services in Intranet and extranet. We illustrate the robustness and the efficiency of our proposed approach by the prototype implemented in java which can support different security policies.

Username
Password