Design of policy-based security mechanisms in a distributed web services architecture

In the recent years, modern complex infrastructures are built on integration and cooperation of legacy and/or new systems; the emerging technology, to primary face the involved interoperability problems, is based on web service solutions. It is based on open standards and common data formats which allow a deep cooperation among Entities and applications and guarantee strong resource sharing. In such context security plays a primary role to control access to data and functionalities offered by distributed services. In this paper we illustrate a policy-based approach to manage security and personalization, in particular we have designed a hybrid infrastructure based on web services in which policy enforcer mechanisms are managed both in a centralized way by the registry server and in a distributed way, i.e. each service implements security mechanisms to authenticate and authorize users. A case study is illustrated showing a distributed architecture for health-care applications.