A Comprehensive Security Architecture for Dynamic, Web
Service Based Virtual Organizations for Businesses
In this paper we propose a security architecture for Virtual
Organizations for businesses. The Virtual Organizations we
consider are based on web service technology, and are dynamic,
i.e. their membership may change frequently throughout their
lifetime. The security architecture advances over previous
approaches with a new approach for distributed administration
based on policy generation which allows local security
administrators to remain in complete control over the policies
deployed. We show the advantages of our architecture in the
case of member replacement.
Categories and Subject Descriptors
D.4.6 [Operating Systems]: Security and Protection—access controls;
C.2.4 [Computer-Communication Networks]: Distributed Systems—distributed applications
Policy Generation, Security Architecture
A VO consists of a collection of individuals and institutions
defined according to a set of resource sharing rules.
The work in this paper considers VOs with the following
• dynamic: VOs evolve during operation, e.g. allowing
• business process driven: VOs where the interactions
are defined by a business process (choreography).
• web service: VOs where the shared resources are web
A VO management system facilitates the administration
and management of such VOs. For details of VO management
see .
Copyright is held by the author/owner(s).
SWS’06, November 3, 2006, Alexandria, Virginia, USA.
The contribution of the proposed security architecture is
that it defines a new model of distributed administration and
control using role-based access control based on policy
generation. The policy administration is done by the local
security administrators allowing for fine-grai