Abstract
Multidomain application environments, in which distributed domains interoperate with each other, are a reality in Web-services-based infrastructures. Collaboration enables domains to share resources effectively; however, it introduces several security and privacy challenges. In this article, we use current Web service standards such as SOAP and UDDI to enable secure interoperability in a service-oriented, mediator-free environment. We propose a multihop SOAP messaging protocol that enables domains to discover secure access paths for accessing roles in other domains. We then propose a path authentication mechanism based on the encapsulation of SOAP messages and the SOAP-DSIG standard. Furthermore, we provide a service discovery protocol that enables domains to discover service descriptions stored in private UDDI registries.
Index Terms
- Web services discovery in secure collaboration environments