Guest Editorial: Security and Dependability in SOA and Business Processes
Abstract
THIS special issue presents recent research results in a field of research that is itself rather new. When Service Oriented Architectures (SOA) came of age, no specific security technology for web services was available, and the security mechanisms of transport protocols were used instead. For instance, web service message confidentiality was achieved using transport security protocols like SSL and HTTPS. Web services that needed authentication used transport authentication (i.e., the Basic or Digest HTTP authentication mechanisms) or certificate-based schemes. When the research community started to address the problem of web service security, we had to recognize that many of the features that make web services attractive (above all, composition and open service-to-service invocation) conflicted with traditional security models and solutions. So, it was back to the drawing board for many of us. Meanwhile, securing web services looked to many practitioners more like an art than a science. A major problem that surfaced early was supporting authenticity of service invocations across compositions. Indeed, weak authentication chains were at the basis of many early attacks on services. Today, SOAP headers support SOAP-specific security mechanisms that aim to achieve a) end-to-end security along the chain of intermediaries leading to a SOAP web service and b) full independence from the security mechanisms of transport protocols. In this special issue, the paper “Two-Dimensional Trust Rating Aggregations in Service-Oriented Applications” by Yan Wang and Lei Li provides an up-to-date view of the crucial problem of aggregating trust levels within composite services and business processes. Early debate on web service security also brought forward the idea of supporting message-level security using SOAP headers. Besides authentication, SOAP headers have been used since then to support a number of security mechanisms.
Headers can carry encryption metadata, ensuring confidentiality of a SOAP message, or information on a digital signature scheme according to the XML Signature standard, ensuring that SOAP messages originated from the appropriate client and were not modified in transit. Also, SOAP headers can be used to return to clients a security token to be used in future calls to the service. These security mechanisms are now well understood, and research is focusing on the performance problems posed by processing SOAP security headers. In this special issue, the paper “Server-Side Streaming Processing of WS-Security,” by Nils Gruschka et al., paves the way to efficiently enforcing SOAP security. A distinct though closely related issue is using XML-based languages to express access permissions to web services. More than 11 years ago, one of us (E. Damiani) wrote and sent to the W3C mailing list an “XML access control manifesto” stating that “Using XML to express access and usage policies will allow for naturally expressing such policies organization-wide (associating a policy to an XML schema) and site-wide (associating a policy to a single XML document). Like usual metadata, access and usage policies expressed this way are both machine- and human-readable; moreover, they can be transferred together with data, and processed via standard enforcement engines.” In the following years, much research was devoted to developing XML-based policy languages and models. The XACML (eXtensible Access Control Markup Language) specification emerged, defining a declarative access control policy language implemented in XML and a processing model describing how to interpret the policies.
While SOAP web services were considered a natural target for XACML policies from the very beginning of XACML standardization, a major problem when using XACML to state access control policies for SOAP web services is the naming of resources, as SOAP data objects are typically not made available through a URI. The “Web Services Profile” of XACML (WS-XACML), written by Anne Anderson, bridged this gap by proposing XACML-based formats for authorization and privacy policies for web services. Today, XACML is still an important reference for research. In this special issue, the paper “Runtime Administration of an RBAC Profile for XACML,” by Xu Min et al., describes a solution for efficient administration of role-based access control policies using XACML, while the paper “Adaptive Reordering and Clustering Based Framework for Efficient XACML Policy Evaluation,” by Mohamed Shehab et al., describes an innovative framework for efficient evaluation of XACML policies. The Web Services Security specification (WS-Security) can also be regarded as a development of the idea of using SOAP headers to carry security-related information. It is closely related to the WS-Policy specification, which, in turn, develops the idea of a machine-readable format for access control policies.

IEEE TRANSACTIONS ON SERVICES COMPUTING, VOL. 4, NO. 4, OCTOBER-DECEMBER 2011 255
Similar sources
Seamless integration of dependability and security concepts in SOA: A feedback control system based framework and taxonomy
Recent research effort has been made to integrate both dependability and security concepts for SOA using fault taxonomy. However, most of such work is confined to the SOA functionality layer, excluding the interactions with its underlying distributed systems. Also, many elements of the taxonomies proposed are loosely integrated without generic interactive relationships. This is especially true when sec...

Dependability Analysis of Web Service-based Business Processes by Model Transformations
A typical composite Web service is built of basic Web services, both internal and external, over which the integrator does not have a complete control. The service-based integration of enterprise systems raises the need for the analysis of non-functional characteristics of a composite Web service. Such an analysis should cover dependability (for instance, the reliability of the main process, se...
SOA Based Multi Party Web Services Using Dynamic Authentication
Distributed applications have been a big boon for the development of several applications ranging from on-time supply chain management, virtual collaborations and several kinds of service integration across organizations. Often this leads to new challenges in security and dependability. Collaborating services in a system with a Service-Oriented-Architecture (SOA) may belong to different security...

On Guaranteeing Global Dependability Properties in Collaborative Business Process Management
The Service-Oriented Architecture (SOA) paradigm supports a collaborative business model, where business applications are built from independently developed services, and services and applications build up complex dependencies. Guaranteeing high dependability levels in such a complex environment is a key factor for the success of this model. In this chapter we discuss issues concerning the design...

Editorial: Service Computing in 2015
AS we enter 2015, I have some very exciting news. First, with IEEE CS Publication Board approval, IEEE Transactions on Service Computing (TSC) will become a bi-monthly journal and publish every two months and six issues annually, instead of the current quarterly publication. Second, in response to the growing community of researchers and practitioners, including both authors and readers, TSC edit...
Journal title:
- IEEE Trans. Services Computing
Volume 4, Issue
Pages -
Publication date: 2011