Um Modelo de Composição de Políticas de Qualidade de Proteção para Serviços Web Compostos
Abstract
The description languages for Web Services composition deal specifically with the definition of the business process logic and do not provide support for security aspects regarding the involved Web Services. This paper uses WS-Policy, WS-BPEL and WSCDL standards to propose a model to check, in a preliminary way, the compatibility of the quality of protection policies of the business process participants and builds the composite process policy.
References
CARMINATI, B., FERRARI, E., e HUNG, P. C. K. (2005). Web service composition: A security perspective. In Proceedings WIRI, pages 248–253.
CARMINATI, B., FERRARI, E., e HUNG, P. C. K. (2006). Security conscious web service composition. In ICWS’06: Proceedings of the IEEE International Conference on Web Services. IEEE.
CHARFI, A. e MEZINI, M. (2005). Using aspects for security engineering of web service compositions. In Proceedings of the 2005 IEEE International Conference on Web Services, volume I, pages 59–66. IEEE.
CHARFI, A., SCHEMLING, B., HEINZREDER, A., e MEZINI, M. (2006). Reliable, secure, and transacted web service compositions with ao4bpel. In Proceedings of the European Conference on Web Services (ECOWS’06). IEEE.
HUANG, D. (2005). Semantic policy-based security framework for business processes. In 4th International Semantic Web Conference.
PELTZ, C. (2003). Web services orchestration and choreography. IEEE Computer, 36(10):46–52.
ROUACHED, M. e GODART, C. (2007). Specification and verification of authorization policies for web services composition. In CAISE Forum, CEUR Workshop Proc.
SONG, H., Sun, Y., YIN, Y., e ZHENG, S. (2006). Dynamic weaving of security aspects in service composition. In Proceedings of the Second IEEE International Symposium on Service-Oriented System Engineering (SOSE’06). IEEE.
SRIVATSA, M., IYENGAR, A., MIKALSEN, T., ROUVELLOU, T., e YIN, J. (2007). An access control system for web service compositions. In Web Services, 2007. ICWS 2007. IEEE International Conference on.
WANGHAM, M. S., de MELLO, E. R., RABELLO, R., e FRAGA, J. S. (2005). Provendo garantias de segurança para formação de organizações virtuais. Gestão Avançada de Manufatura, 22:75–84.
WS-ADDRESSING (2006). Web services addressing 1.0 - core. W3C Recommendation. http://www.w3.org/TR/2006/REC-ws-addr-core-20060509.
WS-ARCHITECTURE (2004). Web services architecture. W3C Working Group Note. http://www.w3.org/TR/2004/NOTE-ws-arch-20040211/.
WS-BPEL (2007). Web services business process execution language version 2.0. OASIS Standard. http://docs.oasis-open.org/wsbpel/2.0/OS/wsbpel-v2.0-OS.html.
WS-CDL (2005). Web services choreography description language version 1.0. W3C Candidate Recommendation. http://www.w3.org/TR/2005/CR-ws-cdl-10-20051109/.
WS-FEDERATION (2006). Web services federation language (ws-federation) version 1.1. [link].
WS-METADATAEXCHANGE (2006). Web services metadata exchange (wsmetadataexchange) version 1.1. http://www.w3.org/TR/2006/REC-ws-addr-core-20060509.
WS-POLICY (2007). Web services policy 1.5 - framework. W3C Recommendation. http://www.w3.org/TR/2007/REC-ws-policy-20070904/.
WS-POLICYATTACHMENT (2007). Web services policy 1.5 - attachment. W3C Recommendation. http://www.w3.org/TR/2007/REC-ws-policy-attach-20070904/.
WS-SECURECONVERSATION (2007). Ws-secureconversation 1.3. OASIS Standard. [link].
WS-SECURITY (2006). Web services security: Soap message security 1.1. OASIS Standard Specification. [link].
WS-SECURITYPOLICY (2007). Ws-securitypolicy 1.2. OASIS Standard. [link].
WS-TRUST (2007). Ws-trust 1.3. OASIS Standard. http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.pdf.
XPATH (1999). Xml path language (xpath) version 1.0. W3C Recommendation. http://www.w3.org/TR/1999/REC-xpath-19991116.
ZHU, J., ZHOU, Y., e TONG, W. (2006). Access control on the composition of web services. In NWESP ’06: Proc. of the International Conference on Next Generation Web Services Practices, pages 89–93,Washington, DC, USA. IEEE Computer Society
CARMINATI, B., FERRARI, E., e HUNG, P. C. K. (2006). Security conscious web service composition. In ICWS’06: Proceedings of the IEEE International Conference on Web Services. IEEE.
CHARFI, A. e MEZINI, M. (2005). Using aspects for security engineering of web service compositions. In Proceedings of the 2005 IEEE International Conference on Web Services, volume I, pages 59–66. IEEE.
CHARFI, A., SCHEMLING, B., HEINZREDER, A., e MEZINI, M. (2006). Reliable, secure, and transacted web service compositions with ao4bpel. In Proceedings of the European Conference on Web Services (ECOWS’06). IEEE.
HUANG, D. (2005). Semantic policy-based security framework for business processes. In 4th International Semantic Web Conference.
PELTZ, C. (2003). Web services orchestration and choreography. IEEE Computer, 36(10):46–52.
ROUACHED, M. e GODART, C. (2007). Specification and verification of authorization policies for web services composition. In CAISE Forum, CEUR Workshop Proc.
SONG, H., Sun, Y., YIN, Y., e ZHENG, S. (2006). Dynamic weaving of security aspects in service composition. In Proceedings of the Second IEEE International Symposium on Service-Oriented System Engineering (SOSE’06). IEEE.
SRIVATSA, M., IYENGAR, A., MIKALSEN, T., ROUVELLOU, T., e YIN, J. (2007). An access control system for web service compositions. In Web Services, 2007. ICWS 2007. IEEE International Conference on.
WANGHAM, M. S., de MELLO, E. R., RABELLO, R., e FRAGA, J. S. (2005). Provendo garantias de segurança para formação de organizações virtuais. Gestão Avançada de Manufatura, 22:75–84.
WS-ADDRESSING (2006). Web services addressing 1.0 - core. W3C Recommendation. http://www.w3.org/TR/2006/REC-ws-addr-core-20060509.
WS-ARCHITECTURE (2004). Web services architecture. W3C Working Group Note. http://www.w3.org/TR/2004/NOTE-ws-arch-20040211/.
WS-BPEL (2007). Web services business process execution language version 2.0. OASIS Standard. http://docs.oasis-open.org/wsbpel/2.0/OS/wsbpel-v2.0-OS.html.
WS-CDL (2005). Web services choreography description language version 1.0. W3C Candidate Recommendation. http://www.w3.org/TR/2005/CR-ws-cdl-10-20051109/.
WS-FEDERATION (2006). Web services federation language (ws-federation) version 1.1. [link].
WS-METADATAEXCHANGE (2006). Web services metadata exchange (wsmetadataexchange) version 1.1. http://www.w3.org/TR/2006/REC-ws-addr-core-20060509.
WS-POLICY (2007). Web services policy 1.5 - framework. W3C Recommendation. http://www.w3.org/TR/2007/REC-ws-policy-20070904/.
WS-POLICYATTACHMENT (2007). Web services policy 1.5 - attachment. W3C Recommendation. http://www.w3.org/TR/2007/REC-ws-policy-attach-20070904/.
WS-SECURECONVERSATION (2007). Ws-secureconversation 1.3. OASIS Standard. [link].
WS-SECURITY (2006). Web services security: Soap message security 1.1. OASIS Standard Specification. [link].
WS-SECURITYPOLICY (2007). Ws-securitypolicy 1.2. OASIS Standard. [link].
WS-TRUST (2007). Ws-trust 1.3. OASIS Standard. http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.pdf.
XPATH (1999). Xml path language (xpath) version 1.0. W3C Recommendation. http://www.w3.org/TR/1999/REC-xpath-19991116.
ZHU, J., ZHOU, Y., e TONG, W. (2006). Access control on the composition of web services. In NWESP ’06: Proc. of the International Conference on Next Generation Web Services Practices, pages 89–93,Washington, DC, USA. IEEE Computer Society
Published
2008-09-01
How to Cite
BÖGER, Davi da Silva; WANGHAM, Michelle S.; FRAGA, Joni; MAFRA, Paulo.
Um Modelo de Composição de Políticas de Qualidade de Proteção para Serviços Web Compostos. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 8. , 2008, Gramado.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2008
.
p. 201-214.
DOI: https://doi.org/10.5753/sbseg.2008.20898.
