At present, most schemes use syntactic approaches to represent and match security policies for web services: pairs of policies are compared for structural and syntactic similarity to determine compatibility. Because these comparisons lack semantics, they are prone to false negatives. In this paper, we propose a novel semantics-based approach to expressing and matching the security supply-and-demand policies of web services. By constructing a general security ontology, we present a definition method and a matching algorithm for semantic security supply-and-demand policies for web services, and translate the policy matching problem into a semantics-based subsumption reasoning problem. Both theoretical analysis and experimental evaluation show that the proposed approach captures the necessary semantic information in the policy representation and effectively improves the accuracy of matching results, overcoming the deficiency of syntactic approaches. It also simplifies the definition and administration of policies, and thereby provides a more effective solution to the problem of expressing and matching security policies in web service environments.
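The false negative described above, shown as an added example that is not the paper's algorithm or ontology: a syntactic comparison rejects a supply policy that a subsumption check over an is-a hierarchy accepts. The concept names, the hierarchy, and the rule that a demanded concept is met by any supplied concept it subsumes are assumptions made for illustration.

```python
# Constructed toy ontology (an assumption, not the paper's security ontology):
# each concept maps to its direct parent concepts (is-a edges).
IS_A = {
    "AES": {"SymmetricEncryption"},
    "TripleDES": {"SymmetricEncryption"},
    "RSA": {"AsymmetricEncryption"},
    "SymmetricEncryption": {"Encryption"},
    "AsymmetricEncryption": {"Encryption"},
    "X509Token": {"TokenAuthentication"},
    "SAMLToken": {"TokenAuthentication"},
    "TokenAuthentication": {"Authentication"},
}

def subsumes(general, specific):
    """True if `general` equals `specific` or is one of its ancestors."""
    seen, stack = set(), [specific]
    while stack:
        concept = stack.pop()
        if concept == general:
            return True
        if concept not in seen:
            seen.add(concept)
            stack.extend(IS_A.get(concept, ()))
    return False

def syntactic_match(demand, supply):
    """Baseline: every demanded term must appear verbatim in the supply."""
    return set(demand) <= set(supply)

def unmet(demand, supply):
    """Demanded concepts that subsume no supplied concept."""
    return sorted(d for d in demand
                  if not any(subsumes(d, s) for s in supply))

def semantic_match(demand, supply):
    """Match succeeds when no demanded concept is left unmet."""
    return not unmet(demand, supply)

# Constructed sample policies: the consumer demands general capabilities,
# the providers advertise concrete mechanisms.
DEMAND = {"SymmetricEncryption", "Authentication"}
SUPPLY_OK = {"AES", "X509Token"}
SUPPLY_BAD = {"RSA", "X509Token"}

if __name__ == "__main__":
    for name, supply in (("SUPPLY_OK", SUPPLY_OK), ("SUPPLY_BAD", SUPPLY_BAD)):
        print(name, "syntactic:", syntactic_match(DEMAND, supply),
              "semantic:", semantic_match(DEMAND, supply),
              "unmet:", unmet(DEMAND, supply))
```

Reporting the unmet concepts rather than a bare boolean shows why a supply policy was rejected, which is what an administrator needs when two policies fail to match.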