Y Mei,ZC Chen,F Zhang

DOI: https://doi.org/10.1109/icebe.2005.129

2005-01-01

Abstract:Web service is becoming an important approach for enterprises to implement their business applications on Internet. However, most of Web services are built based on special business function, they are isolated and do not address the information communication for integrating the business processes. In this paper, we propose a new composition framework, which comprises the Web-based semantic definition for business messages, the methodology of constructing visualized integrated processes based on Business Process Execution Language (BPEL), and the strategy of vocabulary-based business rules for e-business. In addition, we present a case study that demonstrates the way of composing different kind of application services to a uniform service

Hao Zeng,Dianfu Ma,Yongwang Zhao,Zhuqing Li

DOI: https://doi.org/10.1007/s11761-013-0143-5

2013-01-01

Abstract:Due to the dynamic, heterogeneous and interorganizational nature, different web services and different ports or operations in the same service, even the same services at different times may have their different security requirements because of their different security domains and different business backgrounds. How to design a flexible, fine-grained and comprehensive architecture for web services security processing has become a matter of great urgency. However, no ideal solutions have been worked out for these problems. As a result of our study, we have presented in this paper a policy-based architecture termed policy-based architecture for web services security processing (PBA4WSSP) to meet the dynamic, complete and fine-grained security requirements. In PBA4WSSP, the processing of all security problems is based on security policy in service stage to support flexibly security configuration. Moreover, we have designed a service policy model to describe the fine-grained security requirements. And the conversion method between security policy model and security policy expression has also been described. In addition, a staged complete security processing architecture is provided to reduce the dependency among protocol implementations. Furthermore, with PBA4WSSP, a web service security module has been designed and implemented as well. Eventually, the performance evaluation results amply demonstrate that our system is flexible and usable.

Hao Zeng,Yongwang Zhao,Dianfu Ma

DOI: https://doi.org/10.12733/jcis7282

2013-01-01

Journal of Computational Information Systems

Abstract:Web service has emerged as a fundamental technique for developing Web application due to its highly dynamic and cross-domain characteristics, but which still pose new challenges and difficulties for web services authorization. However, the system-centric view (static control environment) of protecting services and resources taken by traditional access control models is not suitable for web service environment. As is presented in this paper, one finding of our study is a Policy Tree based architecture for web services authorization termed PTBA4WSA. It is established on a staged attribute based access control framework. The paper proposes a Policy Tree model to describe subjects, resources as well as environment attributes, and it also presents a loading classification based policy evaluation algorithm. Both of which cannot only provide high-efficient and _ne-grained access control for web services, but also can support access control policy release mechanism. With PTBA4WSA, we design and implement a service authorization processing system which exhibits high efficiency and availability as is shown by the performance evaluation results. © 2013 Binary Information Press.

PengCheng Xiong,YuShun Fan,MengChu Zhou

DOI: https://doi.org/10.1109/tsmca.2009.2037018

2010-01-01

Abstract:Business process execution language for Web services (BPEL) is becoming the industrial standard for modeling Web-service-based business processes. Behavioral compatibility for Web service composition is one of the most important topics. The commonly used reachability exploration method focuses on verifying deadlock freeness. When this property is violated, the states and traces in the reachability graph only give clues to redesign the composition. The redesign must then repeat itself until no deadlock is found. In this paper, multiple Web service interaction is modeled with a Petri net called composition net (C-net for short). The problem of behavioral compatibility among Web services is hence transformed into the deadlock structure problem of a C-net. If services are incompatible, a policy based on appending additional information channels is proposed. It is proved that the policy can offer a good solution that can be mapped back into the BPEL models automatically.

Peng Liu,Zhong Chen

DOI: https://doi.org/10.1109/wi.2004.10081

2004-01-01

Abstract:Business process describes a set of services that span enterprise boundaries and are provided by enterprises that see each other as partners. Web services is widely accepted and adopted to construct business process. Web services are built in exposed environment and open to security threats. When a web service contained in a business process is authorized to illegal users, it will cause economic loss of the service provider. Although there exist some standards for security of Web services and access control for services in distributed systems are well studied, there is a lack of comprehensive approach in access control for web services, especially in business process. In this paper, an extended RBAC model, called WS-RBAC, is proposed to secure web services in business process. The model takes web services in business process as protected objects and extends the classical RBAC model. Next, The software architecture of WS-RABC is presented. This paper also presents how to specify business process in the model and the authorization constraints of WS-RBAC based on WS-Policy.

XIE Dong-wen,LIU Min,WU Cheng

DOI: https://doi.org/10.3969/j.issn.1006-5911.2005.04.020

2005-01-01

Computer Integrated Manufacturing Systems

Abstract:To guarantee the information security in information acquisition and management in enterprises, an Policy-Based Access Control (PBAC) model was proposed. Definition and compositions of PBAC model were introduced. 9 kinds of rules of PBAC in enterprise information system were provided for enterprises to follow. In addition, a universal and extensible solution was advanced. The solution has been successfully applied in some large project management software. Application has indicated that the proposed solution can greatly lessen software development cycle and improve maintainability.

BI Jing,ZHU Zhi-liang,FAN Yu-shun

2011-01-01

Abstract:A Petri net based optimal control policy is proposed for the check of behavioral incompatibility in web services composition.According to a real case of multiple services interaction,this paper presents a formalized definition of controlled service composition,and the reduced state reachability graph of service composition net is given according to the reduce rules,thus the deadlock states and the deadlock-free states are identified.With the maximally permissive feedback control strategy developed,the appropriate control place and arc are appended in the key transition which can lead to deadlock states.Thus the appropriate optimal controller is developed,the proposed approach is verified.In addition,for the behavioral incompatibility case,a policy of appending optimal controller is presented.It is proved that our policy can be a good solution.Finally,the proposed controller is transformed as the activity of BPEL.

Yunfei Meng,Zhiqiu Huang,Senzhang Wang,Yu Zhou,Guohua Shen,Changbo Ke

DOI: https://doi.org/10.48550/arXiv.1908.10201

2019-08-23

Cryptography and Security

Abstract:Service-oriented architecture (SOA) system has been widely utilized at many present business areas. However, SOA system is loosely coupled with multiple services and lacks the relevant security protection mechanisms, thus it can easily be attacked by unauthorized access and information theft. The existed access control mechanism can only prevent unauthorized users from accessing the system, but they can not prevent those authorized users (insiders) from attacking the system. To address this problem, we propose a behavior-aware service access control mechanism using security policy monitoring for SOA system. In our mechanism, a monitor program can supervise consumer's behaviors in run time. By means of trustful behavior model (TBM), if finding the consumer's behavior is of misusing, the monitor will deny its request. If finding the consumer's behavior is of malicious, the monitor will early terminate the consumer's access authorizations in this session or add the consumer into the Blacklist, whereby the consumer will not access the system from then on. In order to evaluate the feasibility of proposed mechanism, we implement a prototype system. The final results illustrate that our mechanism can effectively monitor consumer's behaviors and make effective responses when malicious behaviors really occur in run time. Moreover, as increasing the rule's number in TBM continuously, our mechanism can still work well.

Hao Zeng,Yong Wang Zhao,Dian Fu Ma

DOI: https://doi.org/10.4028/www.scientific.net/amm.644-650.2943

2014-01-01

Applied Mechanics and Materials

Abstract:With the rapid development of web services technology, the security policies defined in WS-SecurityPolicy are widely used for expressing security properties, capabilities, constraints and requirements of web services. It is well-known that security policies are crucial in the negotiation phase of service discovery and selection. However, such security policies are hard to understand and extremely error-prone, due to the complexity of the WS-SecurityPolicy specification. At the same time, because the WS-SecurityPolicy is described by natural language, there have ambiguity problem. These problem seriously hindered the development of web services policy. Therefore, this paper proposes a web services security policy description model to describe accurately and clearly security policies. The security policy model employs the formal modeling method to convert the policy assertions into the security rules.

Aiqiang Gao,Dongqing Yang,Shiwei Tang,Ming Zhang

DOI: https://doi.org/10.1109/icpca.2008.4783602

2008-01-01

Abstract:The emerging paradigm of pervasive computing and web services needs a flexible service discovery and composition infrastructure. The widespread use of Web services in pervasive environments is hindered by the lack of adequate security and privacy support. In this paper, we discuss an access control protocol for conversation-based (composite) Web services. This approach takes into account the conversational nature of composite web services and differentiates two types of web service: goal-driven and interaction-intensive. The former is goal driven and the client cares about the final goal and participates the conversation at only a few steps. While the interaction-intensive composite web service is interaction heavy, and the service and the client need to interact with each other frequently to exchange access control credentials.

Yu Huang,Jieying Li,Haiqiang Dun,Hanpin Wang

DOI: https://doi.org/10.1109/jcai.2009.210

2009-01-01

Abstract:Web services composition refers to the process of composing several Web services to provide a new value-added service. It is an emerging paradigm for application integration within and across organizational boundaries. BPEL is presently the most prominent language to specify and execute business processes, using Web services as its technological basis. However, BPEL is an XML-based language and may suffer from ambiguity and some erroneous properties. It is feasible to analyze BPEL with some formal methods like Petri nets, which is helpful to clarify the semantics of BPEL. In this paper we discuss some service composition patterns supported in BPEL based on SynchroNet, a special class of Petri nets.

Zhang Yuan,Sun Meng

DOI: https://doi.org/10.1109/ICSESS.2011.5982244

2011-01-01

Abstract:We use a scenario-based visual notation, called Policy Sequence Chart (PSC), for specifying security policies in service coordination. A security policy defines a set of security requirements that correspond to permissions, prohibitions and obligations to some executions when some contextual conditions are satisfied. In this paper, we propose an approach of defining operational semantics of PSCs in terms of constraint automata, which can be used as the semantic foundation for checking compliance between service coordination and the security policies.An

Bs Liao,J Gao,J Hu,Jj Chen

DOI: https://doi.org/10.1007/978-3-540-30483-8_42

2004-01-01

Abstract:The integration of web services and intelligent agents is promising for automated service discovery, negotiation, and cooperation. But due to the dynamic and heterogeneous nature of web services and agents, it is challenging to guide the behaviors of underlying agents to meet the high-level business (changeful) requirements. Traditional Policy-driven methods (Ponder, Rei, KAoS, etc) are not adaptable to direct the discovery, negotiation and cooperation of dynamic agents who may join in or leave out of a specific community or organization (virtual organization) at run time. The purpose of this paper is to model an ontology-based, policy-driven control framework that is suitable to supervise the dynamic agents according to high-level policies. On the basis of federated multi-agents infrastructure and ontologies of policies, domain concepts, and agent federations, a model of role-based policy specification framework is presented in this paper.

Beishui Liao,Ji Gao

DOI: https://doi.org/10.3321/j.issn:1003-9775.2006.02.009

2006-01-01

Abstract:A policy-desire-contract extended agent model (PDC-Agent) is proposed to establish automatic composition of web services. According to the three types of factors such as policies, desires and contracts, PDC-Agent can rationally select the intended services and their properties by virtue of a preference-based decision-making mechanism, and participate in virtual-organization (VO) formation and service composition. The process of autonomic service composition and a case study are presented. This system can be well adapted to the variation of business requirements and perform real-time application integration in the open, dynamic and heterogeneous VO environment.

ZHANG Shuai,SUN Jian-ling,XU Bin,HUANG Chao

DOI: https://doi.org/10.3785/j.issn.1008-973X.2012.11.015

2012-01-01

Abstract:A dynamic multiple domains access control model base on role based access control(RBAC) was proposed in order to solve the problem that current single domain based access control model cannot fulfill the authorization requirements for service compositions crossing multiple enterprises.The process structures were analyzed and a role mining algorithm was proposed to find the role set with minimized permissions that meet the access requirements of composite services.Authorization negotiations were set up among relevant domains for each cross domain operation in composite services and cross domain role mappings were built according the mined role sets with minimized cost to fulfill the cross domain operations.Based on this model,a runtime framework aligned with current industry standard was proposed to authorize dynamically based on the current running status of composite services.Simulation experiments showed the effectiveness of key part of the role mining algorithm.

Petia Wohed,Wil M. P. van der Aalst,Marlon Dumas,Arthur H. M. ter Hofstede

DOI: https://doi.org/10.1007/978-3-540-39648-2_18

2003-01-01

Abstract:Web services composition is an emerging paradigm for application integration within and across organizational boundaries. A landscape of languages and techniques for web services composition has emerged and is continuously being enriched with new proposals from different vendors and coalitions. However, little effort has been dedicated to systematically evaluate the capabilities and limitations of these languages and techniques. The work reported in this paper is a step in this direction. It presents an in-depth analysis of the Business Process Execution Language for Web Services (BPEL4WS) with respect to a framework composed of workflow and communication patterns.

Zhong Chen

2008-01-01

Abstract:Based on the Semantic Web technology extends the scope of policy management, In Web access control security through the reasoning of the policy to achieve the dynamic process of adjustment, presents a Web services security visit to the multi-level policy approach, for the next generation of Web services application in a useful exploration.

jingfan tang,bo zhou,zhijun he,u pompe

DOI: https://doi.org/10.1109/icmlc.2004.1380762

2004-01-01

Abstract:With the increasing scale of distributed resources, which couples a wide variety of geographically distributed computational resources, storage systems, data sources and computational kernels, service management and scheduling is a complex undertaking. Since most services on the Internet are mutually independent, users have trouble in accessing several services to achieve a single purpose. Furthermore, the resources are owned by different individuals or organizations with their own policies, have different access and cost models, and have dynamically varying loads and availability.To address the confronted issues, we propose an adaptive approach in this paper for distributed services composition and allocation, which is service-centric and workflow-oriented. We use XML to describe the services by encoding such factors as resource configuration, performance, and service-specific capabilities, which enables services to be easily developed, composed, deployed, relocated, monitored and managed in distributed environments. We use service composition technology to construct composite service by combining several independent services, which can be considered as the element services of the composite service, executed as workflow process. The allocation of such element services Will be decided dynamically due to the economic objective function to address the issues of adaptation, availability, performance and economic cost.

Jm Liu,Jt Cui,N Gu

DOI: https://doi.org/10.1145/984622.984657

2004-01-01

Abstract:Web services technology is emerging as a promising approach of integration and interaction for applications within and across organizational boundaries. But it is difficult to meet the practical requirements if only with the individual web services. As a result, federating existing single web services into composite web services is not only necessary but also indispensable. This paper proposes a dynamic and semantic composition approach for web services. In this approach, web services are modeled with some rules whose heads and bodied are related with a semantic ontology used for eliminating the semantic conflicts in composition. Moreover, a Non-backtrace backward chaining algorithm is addressed to compose the existing web services in a more efficient and automatic way. Given the inputs and expected outputs, the approach will automatically and dynamically generate a composition plan and convert it into BPEL4WS that can be executed and returns the results. The whole composition process can be done automatically and dynamically.

Zhang Fan,Yang Wenjun,Li Juanzi,Zheng Guoqin

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.18.037

2006-01-01

Abstract:Based on the studies of semantic Web Service integrated platform,a new language called CPSDL(Composition Process Semantic-based Description Language) is proposed to address the problems of heterogeneous message mapping and controlling the composition granularity in Web Service composition process.Adopting a top-down composition method and supporting the heterogeneous message transforming,CPSDL provides semantic and entity descriptions of Web Service composition process.The paper also introduces an algorithm for transforming a CPSDL file to a BPEL4WS file.