Di Wu,Yabo Dong,Jian Lin,Miaoliang Zhu

DOI: https://doi.org/10.1007/11563952_52

2005-01-01

Abstract:The fast development of E-Commerce and information technology brings much higher requirements for enterprise informationization. Because of the differences in platforms, development languages and standards etc, enterprise application integration (EAI) has become the important form of enterprise informationization to support complex business processes. Web services have emerged as the next generation of integration technology which provides the power to support interoperability. However EAI doesn’t just present new interoperability challenges; it also presents serious privacy and security challenges. This paper presents security architecture of Web Services based EAI which uses distributed Single Sign On authentication and distributed Role-based Access Control authorization. The basic concept and prototype system of the security architecture are described in detail.

Ma Tian-chi,Li Shan-ping

DOI: https://doi.org/10.1631/jzus.2005.a0405

2005-01-01

Journal of Zhejiang University SCIENCE A

Abstract:New challenges are introduced when people try to build a general-purpose mobile agent middleware in Grid environment. In this paper, an instance-oriented security mechanism is proposed to deal with possible security threats in such mobile agent systems. The current security support in Grid Security Infrastructure (GSI) requires the users to delegate their privileges to certain hosts. This host-oriented solution is insecure and inflexible towards mobile agent applications because it cannot prevent delegation abuse and control well the diffusion of damage. Our proposed solution introduces security instance, which is an encapsulation of one set of authorizations and their validity specifications with respect to the agent’s specific code segments, or even the states and requests. Applications can establish and configure their security framework flexibly on the same platform, through defining instances and operations according to their own logic. Mechanisms are provided to allow users delegating their identity to these instances instead of certain hosts. By adopting this instance-oriented security mechanism, a Grid-based general-purpose MA middleware, Everest, is developed to enhance Globus Toolkit’s security support for mobile agent applications.

Qinghuai Zeng,Changqin Huang,Deren Chen,Hualiang Hu

DOI: https://doi.org/10.1109/CACWD.2004.1349224

2004-01-01

Abstract:In grid environments, the dynamic and multi-institutional nature introduces challenging security issues. In this paper, we propose subtask-based authorization service (SAS) architecture to fully secure a type of application oriented to engineering and scientific computing. We minimize privileges for task by decomposing the parallel task and re-allotting the privileges required for each subtask. Community authorization module describes and applies community policies of resource permission and privilege for resource usage or task management. It separates proxy credentials from identity credentials. We adopt a relevant policy and task management delegation to describe rules for task management. The ultimate privileges are formed by the combination of relevant proxy credential, subtask-level privilege certificate and community policy for this user, as well as they conform to resource policy. To enforce the architecture, we extend the RSL specification and the proxy certificate, modify Globus' gatekeeper, jobmanager and the GASS library to allow authorization callouts, and evaluate the user's job management requests and job's resource request in the context of policies.

TC Ma,SP Li

DOI: https://doi.org/10.1109/clustr.2003.1253356

2003-01-01

Cluster Computing

Abstract:In this paper, an instance-oriented security mechanism is proposed, to attack possible security threats in grid-based mobile agent system. The proposed delegation profile allows application systems to define their own security instances, while it provides mechanisms to delegate one's identity on those instances, instead of on certain hosts, just like the conventional delegation does. This can prevent the delegated host from abusing privileges. By adopting the new delegation profile kernel, a new trust framework is then proposed to enhance the security verification ability and provide more fine-grained authorization to mobile agent platforms.

William Song,Deren Chen,Jen-Yao Chung

DOI: https://doi.org/10.1504/ijeb.2006.010866

2006-01-01

International Journal of Electronic Business

Abstract:The introduction of the semantic web and web service technologies enables business processes, modelling and management to enter an entirely new stage. Traditional web-based business data and transactions can now be extracted to discover new business rules and strategies. Methods equipped with business policies and processes will construct services, workflows, and software functions. As a service intensive activity, micro-payment has many tasks involving different forms of services. Through analysing web service issues for micro-payment systems, we will investigate, discuss and illustrate how the web services technology support and transform the business process and integration model and produce various service flows.

Mh Shi,Dr Chen,Lj Zhang

2002-01-01

Abstract:With the advent of dynamic e-business and its open standards-based supporting technologies, valuable legacy applications that support essential business processes in enterprises can join this new area of distributed computing. In this paper, we introduce a framework for enterprise integration with universal web services model. We propose an integration framework based on the Software Integration Markup Language (SIML), which is an XML based markup language designed to describe e-business applications and enterprise integration.

RUAN Tong,JIN Zhi-chao

DOI: https://doi.org/10.3969/j.issn.1000-3428.2013.02.011

2013-01-01

Abstract:Web service security tools nowadays provide security configuration functionality at single Web services level,neglecting security requirement from business process layer.A Web service security framework towards multi-party collaboration application is proposed in this paper,which incorporates the enterprise business process management with security processes including security modeling,deployment and monitoring.Corresponding modeling tools,converting tools and monitoring tools based on Secure-WSCDL are constructed,synchronizing business model and security model throughout the entire software engineering lifecycle in SOA architecture.It verifies the effectiveness of the model and the tools by the simplified international trade import and export process instance.

CHEN Yong,ZHAO Xi-bin,GU Ming

DOI: https://doi.org/10.3969/j.issn.1001-3695.2006.07.071

2006-01-01

Abstract:There are some problems to difine and realize the complex authorization in a large-scale E-commerce applications.This paper analyzes the requirement of authorization service for Web Services based business systems and proposes the multi-level authorization mechanism as a basic mechanism for implementing the authorization service,which is based on the theory of threshold closure.Then the paper designs and realizes a service-oriented authorization server using this mechanism.

Shaohua Tang

2004-01-01

Journal of Information and Computational Science

Abstract:A secure session management protocol and a centralized session administration server are designed in this paper. The administration server is responsible for the setup of a session, the generation and distribution of the session key, and the maintenance of the session statuses. A DFA-based mechanism is designed for the administration server to manage the statuses of the session. The message confidentiality, authentication and integrity are guaranteed in the session management protocol. Therefore, Web Services can be applied to e-business workflow to achieve end-to-end multi-party secure collaboration by taking advantage of the session management mechanism presented in this paper.

Chen Zhao,Yang Chen,Dawei Xu,NuerMaimaiti Heilili,Zuoquan Lin

DOI: https://doi.org/10.1007/11563952_54

2005-01-01

Abstract:In enterprise environment, security becomes increasingly important and costly. Enterprises are struggling to protect the increasing amount of disparate resources. Simple patchwork of security controls no longer suffices. Enterprises require a comprehensive solution that provides centralized security management, from authentication, to authorization and to auditing. To this end, we present a design and implementation of an integrative security management solution for Web-based enterprise applications, WebDaemon. It provides Single Sign-On to multiple Web applications. It also provides restricted access to Web-based content, portals, and Web applications based on Role-Based Access Control (RBAC) policies. The WebDaemon can help enterprises secure all Web resources with consistency of policy management and reduced administrative costs.

Sg Deng,Zh Wu,Z Yu,Lc Huang

DOI: https://doi.org/10.1007/978-3-540-24685-5_106

2004-01-01

Abstract:Encapsulating processes into process-services is a hot topic nowadays. Time management is an important issue for service providers to ensure the successful execution of process-services, and time information is also concerned by process-service consumers. Due to the security and secrecy factors in businesses, service providers are not willing to publish all information in process-services out. Thus process-services present as black boxes with only interfaces to consumers. As a result it is hard for consumers to engage in time management. We propose a secure process-service model, in which a process-service is divided into a public part and a private part.

Jingfan Tang,Zhijun He

DOI: https://doi.org/10.1109/cscwd.2006.253075

2006-01-01

Abstract:This paper presents a novel model to support security in dynamic cooperation of cross-enterprise services. With the extended WSDL description and through the replication technique, the service replica can be dynamically deployed and executed on the optimum cross-enterprise server, which is selected from the registered servers in the enhanced UDDI center according to the server evaluation function. In order to ensure the safety and dynamically sharing of the cross-enterprise resources among the Web services, a security mechanism of trusted right delegation is introduced

YB Peng,J Gao,J Hu,BS Liao

DOI: https://doi.org/10.1109/cit.2005.35

2005-01-01

Abstract:Information systems researchers continue to develop Web services hoping that, in a near future, these services will be used in every application system expediently. Although many implementations of Web services are currently available, no project can solve the problem of autonomous controlling the whole execution process of Web services. In this paper, we present a policy-driven IMCSBA (Infrastructure for Managing and Controlling the Social Behavior of Agents) project, which provides a platform to autonomous control the whole execution process of Web services. In addition, an agent infrastructure to realize this system was developed and a simulated test was conducted successfully.

Fan Zhang,Ji Gao,Hang Guo,Peiyou Zhu,Beishui Liao

DOI: https://doi.org/10.1109/WCICA.2006.1714432

2006-01-01

Abstract:Web Services, as a wonderful distributed computing technology, are used in many business system, such as ERP and CRM. However, dynamical nature of web services and changeful business requirements result in increasing complexities of management of web services, especially in large-scale business system. In this paper, we present architecture of autonomic management for web services base on federated multi-agent system. It uses task agent as a container of web services to manage web services and has an autonomic cooperation mechanism to share information and cooperate among task agents, manager agents and middle agents in agent federation to finish some computing tasks.

Hao Zeng,Dianfu Ma,Yongwang Zhao,Zhuqing Li

DOI: https://doi.org/10.1007/s11761-013-0143-5

2013-01-01

Abstract:Due to the dynamic, heterogeneous and interorganizational nature, different web services and different ports or operations in the same service, even the same services at different times may have their different security requirements because of their different security domains and different business backgrounds. How to design a flexible, fine-grained and comprehensive architecture for web services security processing has become a matter of great urgency. However, no ideal solutions have been worked out for these problems. As a result of our study, we have presented in this paper a policy-based architecture termed policy-based architecture for web services security processing (PBA4WSSP) to meet the dynamic, complete and fine-grained security requirements. In PBA4WSSP, the processing of all security problems is based on security policy in service stage to support flexibly security configuration. Moreover, we have designed a service policy model to describe the fine-grained security requirements. And the conversion method between security policy model and security policy expression has also been described. In addition, a staged complete security processing architecture is provided to reduce the dependency among protocol implementations. Furthermore, with PBA4WSSP, a web service security module has been designed and implemented as well. Eventually, the performance evaluation results amply demonstrate that our system is flexible and usable.

Dongxi Zheng,Shaohua Tang,Shaofa Li

DOI: https://doi.org/10.1142/S0218126605002714

2011-01-01

Journal of Circuits Systems and Computers

Abstract:Web Services technology is suitable for cross-platform and cross-application integration. To secure systems based on Web Services, a single sign-on protocol for Web Services supporting several login modes are presented. The architecture and the formalized flow of the protocol are described. The protocol is also analyzed and proven using an extended SVO logic.

Dongxi Zheng,Shaofa Li,Shaohua Tang

2004-01-01

Journal of Information and Computational Science

Abstract:Web services technology is a new way to integrate applications into a business flow. To provide security, secure sessions need to be established among them. We propose a design of Web services secure session management. The architecture and messages are described. A model and an analysis of the flow based on Petri net are also presented.

Min Li,Yi-sheng Zhang,Nian-sheng Cheng

DOI: https://doi.org/10.1109/iccsit.2008.166

2008-01-01

Abstract:In modern Collaborative Manufacturing, different security mechanisms of systems bring usage complexities and security risks. Grid Security Infrastructure (GSI) enables secure authentication and communication over computer networks. It is designed and developed on the technology of Java GSS-API, JAAS, Kerberos. The key technologies such as integrating with application server are specially discussed. The application in a blanking processing factory verifies the practicability of the security service.

Peng Liu,Zhong Chen

DOI: https://doi.org/10.1109/wi.2004.10081

2004-01-01

Abstract:Business process describes a set of services that span enterprise boundaries and are provided by enterprises that see each other as partners. Web services is widely accepted and adopted to construct business process. Web services are built in exposed environment and open to security threats. When a web service contained in a business process is authorized to illegal users, it will cause economic loss of the service provider. Although there exist some standards for security of Web services and access control for services in distributed systems are well studied, there is a lack of comprehensive approach in access control for web services, especially in business process. In this paper, an extended RBAC model, called WS-RBAC, is proposed to secure web services in business process. The model takes web services in business process as protected objects and extends the classical RBAC model. Next, The software architecture of WS-RABC is presented. This paper also presents how to specify business process in the model and the authorization constraints of WS-RBAC based on WS-Policy.

Yuan Shuhong,Zhu Miaoliang,Yun Xia,Wu Di

DOI: https://doi.org/10.3969/j.issn.1000-386X.2008.01.048

2008-01-01

Abstract:Traditional Enterprise Application Integration(EAI) solutions lacking the support of the united standard have difficulties in resolving the main security problems such as authentication and authorization.To solve these problems,a brand new application integration security architecture based on Web Services WSSA-EAI is proposed.Web Services are applied to create general access interface,and SSO(Single Sign On) authentication and RBAC(Role-based Access Control)authorization are combined.A united EAI security architecture which is easy for maintenance is presented..