Bin Xu,Xiaohu Yang,Yuanhong Shen,Shanping Li,Albert Ma

DOI: https://doi.org/10.1109/cts.2008.4543958

2008-01-01

Abstract:Software architecture is the backbone of a software- intensive system, many architecture models and styles are struggling to make the artifacts more understandable and reusable. Service-oriented programming is proposed to support reusing and enhancing distributed system development and a service-oriented architecture is essentially a collection of services which communicate with each other. However, the practitioners face the trouble in defining the services and identifying the communication request between all the services. Here in this paper, we adopted a role based architecture model named E-CARGO to facilitate the service definition and communication request identifying. An experience was conducted in prototyping a community support system and E-CARGO model was extended with data and authority access in the case study. The case study indicated that the suggested model could facilitate communication request identifying and service definition and could be helpful in identifying the authority control request during role shifting.

Zhang Xiao-Guang,Li Jing-Song,Zhou Tian-Shu,Yang Yi-Bing,Chen Yun-Qi,Xue Wan-Guo,Zhao Jun-Ping

DOI: https://doi.org/10.1109/ITIME.2009.5236236

2009-01-01

Abstract:Interoperability among healthcare information systems is one of the most challenging problems in healthcare domain. In this paper, we propose a structure of Interoperable Medical Information System based on SOA (Service-Oriented Architecture) and Web 2.0 under the framework of Regional Health Information Network. Various components are described in detail, including authentication, data access, and services management and so on. Services for medical information getting are registered and published by the system; users then access the system to search and fetch demanded services and value-added applications. All of the heterogeneous and distributed data and applications are converted to independent services according to international standards. As a result of the use of SOA, the system is levels clearly demarcated with good universality and maintainability.

Zhuoren Jiang,Yan Chen,Ming Yang

DOI: https://doi.org/10.1109/ICIME.2010.5477923

2010-01-01

Abstract:Recently, SOA plays a more and more important role in software research and software development. On the basis of the research findings on SOA, this paper presents an innovative model for applying SOA: Multi-layer Structure For Dynamic Service Integration (MSFDSI). The paper expatiates on the organization of MSFDSI, on the basis of typical organization of SOA, MSFDSI adds a authorized institution and a service integration & analysis adapter to achieve the service authorization, service analysis and dynamic service integration. The paper also presents the hierarchy of MSFDSI, analyzes its service, proposes innovative concepts of coordination service and procedural service which traditional SOA models never contain, gives the Meta-model for service contracts and describes the main process of MSFDSI. Moreover, this paper gives a real case study of applying this model in a project of "Maritime and shipping integrated system of Yunnan Province". The case study shows that MSFDSI separates the business logic and the specific implementation technology, achieves the dynamic service integration successfully, improves the performance of system and provides a new and effective solution for applying SOA.

XU Feng,LAI Hai-Guang,HUANG Hao,XIE Li

DOI: https://doi.org/10.3321/j.issn:0254-4164.2005.04.028

2005-01-01

Chinese Journal of Computers

Abstract:Service oriented architecture (SOA) is an evolution of client/server architecture. A SOA based system can transparently incorporate services running on different software platforms. It could drive the costs down by achieving automated code generation, reuse, and interoperability. But it will cause the complexity of security management due to its loose couple and dynamic characteristics. The paper first reviews the development of access control technology, and then presents a workflow based and services oriented role based access control (WSRBAC) model. In the model, the authors introduce two notions of services and authorization transfer to describe dynamic service oriented architecture. In WSRBAC model, access control system can make its access control decisions by capturing practical relevant environmental context. It can realize access control with dynamic grant and adapt permissions based on the state of workflows and services. This model can enhance system security and provide flexibility in access control system.

Peng Qi-rui,Wang Cheng,Wu Jing,Li Jun

DOI: https://doi.org/10.1109/icsess.2010.5552305

2010-01-01

Abstract:To integrate distributed information systems in group companies, people favor the Service-Oriented-Architecture (SOA) for its features such as loose-coupling and standardization. But SOA brings security problems. Consequently, an authentication and authorization solution is proposed in this paper. By designing security architecture based on Service-Access-Agent, this solution can simplify the security program, and bring good to the system flexibility and loose coupling, thereby meet the integrated system's requirements for dynamics and agility. This solution has been applied to a project of “national 863 plan”, and shown its validity in engineering practices.

Minghui Zhou,Haiyan Zhao,Hong Mei

DOI: https://doi.org/10.1109/ICWS.2006.14

2006-01-01

Abstract:In the service-oriented architecture, the components deployed on application servers are published as Web services. Though many researches focus on how to authorize at the Web service level currently, there is little work involving the authorization gap between the service and its component implementation. This paper tries to bridge the gap by proposing a service-oriented trust management model, which expands the application server's capability to deal with more complex trust relationship between service users and services, and supplies a flexible trust management mechanism to integrate authentication and authorization together. Moreover, the model provides a finer granularity access control, sustains delegation between users, and has a certain extent reasoning capability. The model has been implemented in a J2EE application server, and the experiment has demonstrated that the model has high flexibility and scalability

Changqin Huang,Guanghua Song,Yao Zheng,Deren Chen

DOI: https://doi.org/10.1007/978-3-540-30102-8_39

2004-01-01

Abstract:Large-scale scientific and engineering computation is normally accomplished through the interaction of collaborating groups and diverse heterogeneous resources. Grid computing is emerging as an applicable paradigm, whilst, there is a critical challenge of authorization in the grid infrastructure. This paper proposes a Parallelized Subtask-level Authorization Service architecture (PSAS) based on the least privilege principle, and presents a context-aware authorization approach and a flexible task management mechanism. The minimization of the privileges is conducted by decomposing the parallelizable task and re-allotting the privileges required for each subtask. The dynamic authorization is carried out by constructing a multi-value community policy and adaptively transiting the mapping. Besides applying a relevant management policy, a delegation mechanism collaboratively performs the authorization delegation for task management. In the enforcement mechanisms involved, the authors have extended the RSL specification and the proxy certificate, and have modified the Globus gatekeeper, jobmanager and the GASS library to allow authorization callouts. Therefore the authorization requirement of an application is effectively met in the presented architecture.

LUO Dan,ZHOU Bo

DOI: https://doi.org/10.3724/sp.j.1087.2011.00562

2011-01-01

Abstract:Service-Oriented Architecture(SOA) provides a solution for reengineering legacy systems to support distributed application environment.But due to the limitation of technology and architecture involved,issues such as non-support of a multi-threaded environment,memory leaking,non-support of parallel environment still exist in some parts of the legacy systems,which restrict their applications immensely.Through analyzing and doing research on the communication mechanism of Windows Communication Foundation(WCF),a parallel architecture was proposed to solve these problems.The architecture improved the default architecture of WCF by adding a service controller to it,which could deliver message between the client and the server and selected service for clients.The proposed architecture has already solved these problems and been applied in a large financial system.

Ran Yang,Chuang Lin,Yixin Jiang,Xiaowen Chu

DOI: https://doi.org/10.1109/GLOCOM.2011.6134072

2011-01-01

Abstract:In the service-oriented computing, a single transaction initiated by a client might invoke many different services in other administrative domains. Existing models for authorizing the access assume that all services involved in collaboration are managed by the central authority, which is not always a realistic premise. In this paper, we propose a novel authorization model for dynamic service collaboration. With the authorization discovery process, the client can discover the needed authorization for service access available in other autonomous domains. With extensions to SoD relationship, the conflicts of client interests can be formalized and expressed as constraints. The authorization problems are formalized to choose the optimal access path for each task. At last, the example and experiments show the practicality and the effectiveness of our scheme.

Jianzhong Zhong Lan,Yi Liu,Yueting Chai

DOI: https://doi.org/10.1109/WCICA.2008.4593595

2008-01-01

Abstract:SOA (Service-oriented architecture) Solution Model involves SOA associated reference architecture, e-commerce patterns, methodologies and best practices ranging from the beginning to the end of a complete SOA project. A new Solution Model is presented. Service is the kernel and process is the breakthrough point of business innovation in this model. A series of widely acceptable standards, such as SDO (Service Data Object), SCA (Service Component Architecture) and BPEL (Business Process Execution Language), are adopted in this model. Analysis, design, implementation and management methodologies and best practices are covered in this model. By analyzing the characteristic, mechanism and function of the model, we give a real-world example to illustrate how this Solution Model can be used in practice. © 2008 IEEE.

Beibei Shao

2009-01-01

Abstract:The service-oriented architecture (SOA),which is utilized for application system integration for group enterprises, can adapt to the heterogeneous and distributed features of the systems, but has problems that challenge the system security. A cross-domain access control scheme is presented for enterprise applications to resolve the SOA security problems. The core idea is to build a uniform agent-based authentication and authorization system based on the conventional SOA implement model, which achieves shared management and access control of the service resources on the enterprise service bus (ESB) to ensure safe, reliable access across the security domains. This scheme enhances the syetem security, scalability and alterability in the informatization construction of large group enterprises.

ChangSheng Zhu,ManMan Chai,YuFeng Lu,YiDong Guo

DOI: https://doi.org/10.1109/ICCIS.2013.311

2013-01-01

Abstract:In order to meet the growing business requirements about energy consumption (energy and water consumption), it is necessary to construct system about energy consumption in Petroleum Enterprise. Because of its advantages in high degree of flexibility and reusability, service oriented architecture becomes a preferred architecture. Through discussion about service oriented theory and related technique, this paper designs a service-oriented system architecture model of petroleum enterprise on energy consumption. It publishes the services on the enterprise service bus of the architecture model, service users can invoke the services on the enterprise service bus according to their business requirements. Through implementation results of the system we verify the feasibility and effectiveness of the system architecture designed by this paper.

CHEN Tao,SHAO Zhijiang

DOI: https://doi.org/10.3321/j.issn:0438-1157.2005.12.019

2005-01-01

Abstract:The state of the art process modeling and optimization software was reviewed. Motivated by increasing demand on modeling and optimization of systems with large-scale and high complexity characteristics, a new application mode with service-oriented open architecture was proposed.ASCEND (advanced system for computations in engineering design) was chosen as the base for equation-oriented modeling. Its inherent structure, data flow, working mode and communication interface were redefined and reconstructed. With support from COM/DCOM/AUTOMATION technology, AscendServer was built as the core service providing modeling and optimization functionalities. Some key issues such as componentization, event handling and coordination between processes were discussed in details. Within this superstructure, modeling and optimization for large-scale complex systems could be integrated with more extensive data exchange, more flexible application mode and more adaptative capabilities. A data reconciliation system of water consumption balancing for a petrochemical company was given to verify the efficiency and functionalities of the new open structure service for modeling and optimization.

li zhang,gang zhang

DOI: https://doi.org/10.4028/www.scientific.net/AEF.4.172

2012-01-01

Abstract:SOA has been the effective technical solution to enterprise application integration and business process rebuilding. The paper presents a reference implementation scheme of Commercial Bank Card System based on SOA. In requirement tier, the implementation plan first establishes the full concept model and logical model of Commercial Bank Card System from business request(business use case-business step-atomic business) to system request (system use case-system step-atomic component), then in semantics tier, we give out full description of the model through the combination of OWL and BPEL. At last a SOA's three-tier framework of "requirement-semantics-service" has been built for the Commercial Band Card System.

Yunfei Meng,Zhiqiu Huang,Senzhang Wang,Yu Zhou,Guohua Shen,Changbo Ke

DOI: https://doi.org/10.48550/arXiv.1908.10201

2019-08-23

Cryptography and Security

Abstract:Service-oriented architecture (SOA) system has been widely utilized at many present business areas. However, SOA system is loosely coupled with multiple services and lacks the relevant security protection mechanisms, thus it can easily be attacked by unauthorized access and information theft. The existed access control mechanism can only prevent unauthorized users from accessing the system, but they can not prevent those authorized users (insiders) from attacking the system. To address this problem, we propose a behavior-aware service access control mechanism using security policy monitoring for SOA system. In our mechanism, a monitor program can supervise consumer's behaviors in run time. By means of trustful behavior model (TBM), if finding the consumer's behavior is of misusing, the monitor will deny its request. If finding the consumer's behavior is of malicious, the monitor will early terminate the consumer's access authorizations in this session or add the consumer into the Blacklist, whereby the consumer will not access the system from then on. In order to evaluate the feasibility of proposed mechanism, we implement a prototype system. The final results illustrate that our mechanism can effectively monitor consumer's behaviors and make effective responses when malicious behaviors really occur in run time. Moreover, as increasing the rule's number in TBM continuously, our mechanism can still work well.

WU Jing,PENG Qi-rui,LI Qing,LIU Yong-qing

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2010.08.002

2010-01-01

Abstract:To overcome the universal challenge of distributed application integration for Chinese enterprise groups and solve the problem of shared management and cross-domain access control of the service resources under SOA, a whole web service management method is presented. By designing an infrastructure based on Service-Access-Agent and a global authentication and authorization mechanism, the security of the integrated system is ensured with low cost. Meanwhile, by using a registration service based on global unique ID and dynamic invocation mechanism, the agility and loose coupling of SOA are improved. The good adaptability and practical value of the method has been shown by engineering application in a typical group enterprise.

Chao Huang,Jianling Sun,Xinyu Wang,Yuanjie Si

DOI: https://doi.org/10.1109/ISBIM.2008.132

2009-01-01

Abstract:In large enterprise software systems, users often need to delegate their authority to others. Permission base delegation model (PBDM) based on RBAC96 currently is the most attractive model to fulfill the delegation requirement since it supports partly delegation and multiple steps delegation. However in PBDM there is no explicit specification of the separation of duty (SOD) constraint, which is one of the most important constraints and is essential to the security of the system. In this paper, we analyze the SOD constraint in PBDM delegation model and give the formal definition for the constraint. We prove that the constraint violation will not happen at the stage of the delegation role definition whereas it can only happen at the stage of role assignment. We then propose a protective mechanism to prevent the illegal role delegation utilizing the prerequisite conditions which are a set of Boolean expressions. We also give the algorithm to check the prerequisite conditions to help the security administrator guarantee the safe role delegation.

Wei Meng,Fengmin Li,Juchen Pan,Song,Jiali Bian

DOI: https://doi.org/10.1117/12.2265215

2017-01-01

Abstract:The development of mobile computing, cloud computing and distributed computing meets the growing individual service needs. Facing with complex application system, it's an urgent problem to ensure real-time, dynamic, and fine-grained data access control. By analyzing common data access control models, on the basis of mandatory access control model, the paper proposes a service-oriented access control model. By regarding system services as subject and data of databases as object, the model defines access levels and access identification of subject and object, and ensures system services securely to access databases.

Zhi-Yi MA,Hong-Jie CHEN

DOI: https://doi.org/10.3321/j.issn:0254-4164.2006.07.002

2006-01-01

Jisuanji Xuebao/Chinese Journal of Computers

Abstract:Recently, SOA plays a more and more important role in software research and software development. On the basis of the research findings on SOA, this paper presents a SOA reference model that can be used to design SOA. The paper deeply discusses some concepts on SOA, and expatiates on the structure of the reference model and its service bus and meta model for service contracts. Moreover, the paper presents the maturity model for evaluating service-oriented architectures. The reference model lays the foundation for building service-oriented architectures.

Li Yong,Wu Jie,Lü Zhihui,Zhang Shiyong

DOI: https://doi.org/10.3969/j.issn.1000-386X.2009.06.071

2009-01-01

Abstract:In network environment,a lot of distributed resources have the requirement to be managed,and it gives management system itself high requirements in the capability of extensibility and interoperability.In this paper it gives a comparison in advantages and disadvantages between traditional management architecture and SOA architecture while being used in system and network management field,and then proposes a novel WSDM-protocol-based middleware model for system and network management,and establishes a prototype of this model to carry out the practice evaluation on it.The model's layers include the layer of system and network management,of middleware,and of resource to be managed.The model can help field-related designers in system and network management field realize the transform from existing management interfaces to standard-based Web Service management interface,which nicely resolves the problem of interaction among IT resources to be managed,and adapts to the change requirement of dynamic extensibility of management resources in distributed network environment.