H. F. EL Yamany, M. A. M. Capretz and D. S. Allison, “Intelligent Security and Access Control Framework for Service-Oriented Architecture,” Journal of Information and Software Technology, Vol. 52, No. 2, 2010, pp. 220-236. doi:10.1016/j.infsof.2009.10.005
 R. Kanneganti, P. Chodavarapu, “SOA Security,” Manning Publications Co., Greenwich, 2008. http://www.manning.com/kanneganti/
 D. Allison, H. EL Yamany and M. Capretz, “Metamodel for Privacy Policies within Service-Oriented Architecture,” The Proceeding of the 5th IEEE International Workshop on Software Engineering for Secure Systems in Conjunction with the 31st IEEE International Conference of Software Engineering, Vancouver, 19 May 2009, pp. 40-46. doi:10.1109/IWSESS.2009.5068457
 D. Allison, H. EL Yamany and M. Capretz, “A Privacy Service for Comparison of Privacy and Trust Policies within Service-Oriented Architecture,” In: M. Gupta, J. Walp, R. Sharman, Eds., Threats, Countermeasures, and Advances in Applied Information Security, IGI Global, New York, 2012, pp. 249-266. doi:10.4018/978-1-4666-0978-5.ch013
 G. Yee and L. Korba, “Semi-Automated Derivation and Use of Personal Privacy Policies in E-Business,” International Journal of E-Business Research, Vol. 1, No. 1, 2005, pp. 54-69. doi:10.4018/jebr.2005010104
 N. Guermouche, S. Benbernou, E. Coquery and M. S. Hacid, “Privacy-Aware Web Service Protocol Replaceability,” Proceedings of the IEEE International Conference on Web Services, Salt Lake City, 9-13 July 2007, pp. 1048-1055. doi:10.1109/ICWS.2007.143
 A. Buecker, P. Ashley, M. Borrett, M. Lu, S. Muppidi and N. Readshaw, “Understanding Service-Oriented Architecture Security Design and Implementation” 2nd Edition, IBM Redbook, IBM Corp., 2007. http://www.redbooks.ibm.com/abstracts/SG247310.html
 T. Moses, “eXtensible Access Control Markup Language Version 2.0,” Advancing Open Standards for the Information Society, 1 February 2005. http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf
 R. Cover, “IBM Releases Updated Enterprise Privacy Authorization Language Specification,” Advancing Open Standards for the Information Society, 9 July 2003. http://xml.coverpages.org/ni2003-07-09-a.html
 L. Cranor, M. Langheinrich, M. Marchiori, M. Presler- Marshall and J. Reagle, “The Platform for Privacy Preferences 1.0 Specification,” W3C Recommendation 16 April 2002. http://www.w3.org/TR/P3P/.
 Organisation for Economic Co-Operation and Development, “OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data,” 23 September, 1980. http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html.
 V. Cheng, P. Hung and D. Chiu, “Enabling Web Services Policy Negotiation with Privacy Preserved Using XACML,” Proceedings of the 40th Hawaii International Conference on System Sciences, Waikoloa, 3-6 January 2007, p. 33. doi:10.1109/HICSS.2007.207
 M. Lorch, S. Proctor, R. Lepro, D. Kafura and S. Shah, “First Experiences Using XACML for Access Control in Distributed Systems,” The Proceeding of the 2003 ACM Workshop on XML Security, Fairfax, 31 October 2003, pp. 25-37. doi:10.1145/968559.968563
 A. Anderson, “Web Services Profile of XACML Version 1.0,” Advancing Open Standards for the Information Society, 10 August 2007. http://www.oasis-open.org/committees/download.php/24951/xacml-3.0-profile-webservices-spec-v1-wd-10-en.pdf
 A. Anderson, “The Relationship between XACML and P3P Privacy Policies,” Sun Microsystems, 11, November 2004. http://labs.oracle.com/projects/xacml/XACML_P3P_Relationship.html
 S. Dürbeck, R. Schillinger and J. Kolter, “Security Requirements for a Semantic Service-Oriented Architecture,” The Proceeding of the 2nd International Conference on Availability, Reliability and Security, Vienna, 10-13 April 2007, pp. 366-373. doi:10.1109/ARES.2007.138
 P. Ashley, S. Hada, G. Karjoth, C. Powers and M. Schunter, “Enterprise Privacy Architecture Language,” W3C Member Submission, 10 November 2003. http://www.w3.org/Submission/2003/SUBM-EPAL-20031110/
 Canadian Standards Association, “Model Code for the Protection of Personal Information (Q830-96),” March 1996. http://www.csa.ca/cm/ca/en/privacy-code/publications/view-privacy-code
 C. Bennett, “Arguments for the Standardization of Privacy Protection Policy: Canadian Initiatives and American and International Responses,” Government Information Quarterly, Vol. 1, No. 4, 1997, pp. 351-362.
 Office of Security Management and Safeguards, “Further Amendment to EO 12958, as Amended, Classified National Security Information,” 25 March 2003. http://nodis3.gsfc.nasa.gov/displayEO.cfm?id=EO_13292
 Office of Public Sector Information, “The Privacy and Electronic Communications (EC Directive) Regulations 2003,” 26 September 2003. http://www.legislation.gov.uk/uksi/2003/2426/contents/made
 Treasury Board of Canada Secretariat, “Canadian Privacy Legislation and Policy,” September 2003. http://www.tbs-sct.gc.ca/pgol-pged/piatp-pfefvp/course2/mod1/mod1-3-eng.asp
 L. Clement, A. Hately, C. von Riegen and T. Rogers, “UDDI Version 3.0.2,” Advancing Open Standards for the Information Society, 19 October 2004. http://www.uddi.org/pubs/uddi_v3.htm
 M. Bartel, J. Boyer, B. Fox, B. LaMacchia and E. Simon, “XML Signature Syntax and Processing (Second Edition),” W3C, 10 June 2008. http://www.w3.org/TR/xmldsig-core/