Security architecture for virtual organizations of business web services

Virtual organizations (VO) temporarily aggregate resources of different domains to achieve a common goal. Web services are being positioned as the technological framework for achieving this aggregation in the context of cross-organizational business applications. Numerous architectures have been proposed for securing VOs, mostly for scientific research, such that they do not address all the requirements of business-oriented applications. This paper describes these additional requirements and proposes a novel architecture and approach to managing VO access control policies. Business users can focus on designing business processes, exposing web services and managing their VO partnerships, while the architecture supports and secures the web service interactions involved.