Adding Security to BPEL Workflows of Web Services
نویسندگان
چکیده
BPEL (Business Process Enterprise Language) is a language for web services composition and several implementations of it exist. For BPEL to be effective, it is necessary that it provides more support for security. BPEL doesn’t present any means to specify security constraints for workflows. BPEL through its activities tries to provide specific functional aspects and any non-functional aspects are expected to be addressed by other (lower-level) specifications. We present here a way to specify security requirements in BPEL. Since BPEL describes workflows, we present its activities using UML activity diagrams, where we apply a threat enumeration approach to determine the required security mechanisms to stop these threats. Our approach goes beyond BPEL and can be applied to BPMN and other business flow languages.
منابع مشابه
Verifying BPEL Workflows Under Authorisation Constraints
Business Process Execution Language (BPEL), or Web Services BPEL (WS-BPEL), is the standard for specifying workflow process definition using web services. Research on formal modelling and verification of BPEL has largely concentrated on control flow and data flow, while security related properties have received little attention. In this work, we present a formal framework that integrates Role B...
متن کاملA model for specification, composition and verification of access control policies and its application to web services
Despite significant advances in the access control domain, requirements of new computational environments like web services still raise new challenges. Lack of appropriate method for specification of access control policies (ACPs), composition, verification and analysis of them have all made the access control in the composition of web services a complicated problem. In this paper, a new indepe...
متن کاملMiddleware Support for BPEL Workflows in the AO4BPEL Engine
This paper focuses on middleware concerns in BPEL workflows. When looking at those workflows from the implementation perspective, we observe that they have several BPEL-specific middleware requirements, which are not supported by current WS-* specifications and by most BPEL engines available to date. This demo paper will show the AO4BPEL Engine, which implements a container framework that allow...
متن کاملApplication of Business Process Execution Language to Scientific Workflows
This paper investigates the use of the Business Process Execution Language for Web services (BPEL4WS/ BPEL) for managing scientific workflows. The complexity, unpredictability and inter-dependency of the components in a scientific workflow often demand great flexibility in a workflow-language in order to support; 1) exception handling, 2) recovery from uncertain situations, 3) user interactions...
متن کاملComposing services on the grid using BPEL4SWS
Service composition on the Grid is a challenging task as documented in existing research work. Even though there are initial attempts to use the Business Process Execution Language (BPEL) to compose services on the Grid, still there is a significant lack of flexibility and reusability needed in scientific applications. In this paper we present BPEL for Semantic Web Services (BPEL4SWS) a languag...
متن کامل