Enforcing ASTD Access-Control Policies with WS-BPEL Processes in SOA Environments
نویسندگان
چکیده
Controlling access to the Web services of public agencies and private corporations depends primarily on specifying and deploying functional security rules to satisfy strict regulations imposed by governments, particularly in the financial and health sectors. This paper focuses on one aspect of the SELKIS and EB3SEC projects related to the security of Web-based information systems, namely, the automatic transformation of security rules into WS-BPEL (or BPEL, for short) processes. The former are instantiated from security-rule patterns written in a graphical notation, called ASTD that is close to statecharts. The latter are executed by a BPEL engine integrated into a policy decision point, which is a component of a policy enforcement manager similar to that proposed in the XACML standard. Richard St-Denis Université de Sherbrooke, Canada DOI: 10.4018/978-1-4666-2470-2.ch014
منابع مشابه
A model for specification, composition and verification of access control policies and its application to web services
Despite significant advances in the access control domain, requirements of new computational environments like web services still raise new challenges. Lack of appropriate method for specification of access control policies (ACPs), composition, verification and analysis of them have all made the access control in the composition of web services a complicated problem. In this paper, a new indepe...
متن کاملAn Access-Control Framework for WS-BPEL
abstraCt Business processes, the next-generation workflows, have attracted considerable research interest in the last 15 years. More recently, several XML-based languages have been proposed for specifying and orchestrating business processes, resulting in the WS-BPEL language. Even if WS-BPEL has been developed to specify automated business processes that orchestrate activities of multiple Web ...
متن کاملA Framework and Language Support for Dynamic Security Policy in Service-Oriented Architecture
In today’s global network-based environment, where mission-critical applications typically run on highly distributed systems, customers expect reliable, available, and secure services. Supporting security becomes an important issue in service-oriented architecture (SOA). This paper describes how to simultaneously support both dynamic security policies and separation of concerns when developing ...
متن کاملAuthorization and User Failure Resiliency for WS-BPEL Business Processes
We investigate the problem of WS-BPEL processes resiliency in RBAC-WS-BPEL, an authorization model for WS-BPEL that supports the specification of authorizations for the execution of WS-BPEL process activities by roles and users and authorization constraints, such as separation and binding of duty. The goal of resiliency is to guarantee that even if some users becomes unavailable during the exec...
متن کاملOptimization of WS-BPEL Workflows through Business Process Re-Engineering Patterns
With the advent of XML-based SOA, WS-BPEL swiftly became a widely accepted standard for modeling business processes. Although SOA is said to embrace the principle of business agility, BPEL process definitions are still manually crafted into their final executable version. While SOA has proven to be a giant leap forward in building flexible IT systems, this static BPEL workflow model should be e...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IJSSOE
دوره 2 شماره
صفحات -
تاریخ انتشار 2011