Instance-Level Security Management in

By using Web services, people can generate flexible business processes whose activities are scattered across different organizations, with the services carrying out the activities bound at run-time. We refer to an execution of a Web service based automatic business process as a business session (multi-party session). A business session consists of multiple Web service instances which are called session partners. Here, we refer to a Web service instance as being a stateful execution of the Web service. In [8], we investigate the security issues related to business sessions, and demonstrate that security mechanisms are needed at the instance level to help session partners generate a reasonable trust relationship. To achieve this objective, an instance-level authentication mechanism is proposed. Experimental systems are integrated with both the GT4 and CROWN Grid infrastructures, and comprehensive experimentation is conducted to evaluate our authentication mechanism. Additionally, we design a policy-based authorization mechanism based on our instance-level authentication mechanism to further support trustworthy and flexible collaboration among session partners involved in the same business session. This mechanism allows an instance invoker to dynamically assign fine-grained access control policies for the new invoked instance so as to grant other session partners the necessary permissions.