Web services security has become a hot topic in the research of service oriented computing. This paper aims to study many pivotal technologies in the web services security. Firstly, a policy-based framework for adaptive web services security is proposed, with the policy concept, management mechanism and execution mechanism can be separated effectively, moreover, by management of user context and web services context, web services access control can adapt to the changed environment. Secondly, a policy description language called ReiT is given, ReiT is a declarative language based on the rules and ontology and can express the structural and non-structural knowledge. A mixed reasoning mechanism is proposed, the web service access control policy including the user context and web services context can be evaluated by the reasoner. Finally, a policy aware BDI agent to authorize the access control of the web services is presented, and a prototype system based on Java EE and Jade Agent platform is implemented, Simulation experimental results and an example demonstrate the security framework is feasible and effective.

• 出版日期2011