Um Modelo de Composição de Políticas de Qualidade de Proteção para Serviços Web Compostos
Resumo
As linguagens de descrição de composição de Serviços Web tratam especificamente da definição da lógica dos processos de negócio e não dão suporte a especificação dos aspectos de segurança dos Serviços Web envolvidos. Este artigo define um modelo que, com o auxílio do padrão WS-Policy e das linguagens WS-BPEL e WS-CDL, promove a verificação preliminar da compatibilidade das políticas de qualidade de proteção dos participantes de um processo de negócio e constrói a política composta do processo.
Referências
CARMINATI, B., FERRARI, E., e HUNG, P. C. K. (2005). Web service composition: A security perspective. In Proceedings WIRI, pages 248–253.
CARMINATI, B., FERRARI, E., e HUNG, P. C. K. (2006). Security conscious web service composition. In ICWS’06: Proceedings of the IEEE International Conference on Web Services. IEEE.
CHARFI, A. e MEZINI, M. (2005). Using aspects for security engineering of web service compositions. In Proceedings of the 2005 IEEE International Conference on Web Services, volume I, pages 59–66. IEEE.
CHARFI, A., SCHEMLING, B., HEINZREDER, A., e MEZINI, M. (2006). Reliable, secure, and transacted web service compositions with ao4bpel. In Proceedings of the European Conference on Web Services (ECOWS’06). IEEE.
HUANG, D. (2005). Semantic policy-based security framework for business processes. In 4th International Semantic Web Conference.
PELTZ, C. (2003). Web services orchestration and choreography. IEEE Computer, 36(10):46–52.
ROUACHED, M. e GODART, C. (2007). Specification and verification of authorization policies for web services composition. In CAISE Forum, CEUR Workshop Proc.
SONG, H., Sun, Y., YIN, Y., e ZHENG, S. (2006). Dynamic weaving of security aspects in service composition. In Proceedings of the Second IEEE International Symposium on Service-Oriented System Engineering (SOSE’06). IEEE.
SRIVATSA, M., IYENGAR, A., MIKALSEN, T., ROUVELLOU, T., e YIN, J. (2007). An access control system for web service compositions. In Web Services, 2007. ICWS 2007. IEEE International Conference on.
WANGHAM, M. S., de MELLO, E. R., RABELLO, R., e FRAGA, J. S. (2005). Provendo garantias de segurança para formação de organizações virtuais. Gestão Avançada de Manufatura, 22:75–84.
WS-ADDRESSING (2006). Web services addressing 1.0 - core. W3C Recommendation. http://www.w3.org/TR/2006/REC-ws-addr-core-20060509.
WS-ARCHITECTURE (2004). Web services architecture. W3C Working Group Note. http://www.w3.org/TR/2004/NOTE-ws-arch-20040211/.
WS-BPEL (2007). Web services business process execution language version 2.0. OASIS Standard. http://docs.oasis-open.org/wsbpel/2.0/OS/wsbpel-v2.0-OS.html.
WS-CDL (2005). Web services choreography description language version 1.0. W3C Candidate Recommendation. http://www.w3.org/TR/2005/CR-ws-cdl-10-20051109/.
WS-FEDERATION (2006). Web services federation language (ws-federation) version 1.1. [link].
WS-METADATAEXCHANGE (2006). Web services metadata exchange (wsmetadataexchange) version 1.1. http://www.w3.org/TR/2006/REC-ws-addr-core-20060509.
WS-POLICY (2007). Web services policy 1.5 - framework. W3C Recommendation. http://www.w3.org/TR/2007/REC-ws-policy-20070904/.
WS-POLICYATTACHMENT (2007). Web services policy 1.5 - attachment. W3C Recommendation. http://www.w3.org/TR/2007/REC-ws-policy-attach-20070904/.
WS-SECURECONVERSATION (2007). Ws-secureconversation 1.3. OASIS Standard. [link].
WS-SECURITY (2006). Web services security: Soap message security 1.1. OASIS Standard Specification. [link].
WS-SECURITYPOLICY (2007). Ws-securitypolicy 1.2. OASIS Standard. [link].
WS-TRUST (2007). Ws-trust 1.3. OASIS Standard. http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.pdf.
XPATH (1999). Xml path language (xpath) version 1.0. W3C Recommendation. http://www.w3.org/TR/1999/REC-xpath-19991116.
ZHU, J., ZHOU, Y., e TONG, W. (2006). Access control on the composition of web services. In NWESP ’06: Proc. of the International Conference on Next Generation Web Services Practices, pages 89–93,Washington, DC, USA. IEEE Computer Society
CARMINATI, B., FERRARI, E., e HUNG, P. C. K. (2006). Security conscious web service composition. In ICWS’06: Proceedings of the IEEE International Conference on Web Services. IEEE.
CHARFI, A. e MEZINI, M. (2005). Using aspects for security engineering of web service compositions. In Proceedings of the 2005 IEEE International Conference on Web Services, volume I, pages 59–66. IEEE.
CHARFI, A., SCHEMLING, B., HEINZREDER, A., e MEZINI, M. (2006). Reliable, secure, and transacted web service compositions with ao4bpel. In Proceedings of the European Conference on Web Services (ECOWS’06). IEEE.
HUANG, D. (2005). Semantic policy-based security framework for business processes. In 4th International Semantic Web Conference.
PELTZ, C. (2003). Web services orchestration and choreography. IEEE Computer, 36(10):46–52.
ROUACHED, M. e GODART, C. (2007). Specification and verification of authorization policies for web services composition. In CAISE Forum, CEUR Workshop Proc.
SONG, H., Sun, Y., YIN, Y., e ZHENG, S. (2006). Dynamic weaving of security aspects in service composition. In Proceedings of the Second IEEE International Symposium on Service-Oriented System Engineering (SOSE’06). IEEE.
SRIVATSA, M., IYENGAR, A., MIKALSEN, T., ROUVELLOU, T., e YIN, J. (2007). An access control system for web service compositions. In Web Services, 2007. ICWS 2007. IEEE International Conference on.
WANGHAM, M. S., de MELLO, E. R., RABELLO, R., e FRAGA, J. S. (2005). Provendo garantias de segurança para formação de organizações virtuais. Gestão Avançada de Manufatura, 22:75–84.
WS-ADDRESSING (2006). Web services addressing 1.0 - core. W3C Recommendation. http://www.w3.org/TR/2006/REC-ws-addr-core-20060509.
WS-ARCHITECTURE (2004). Web services architecture. W3C Working Group Note. http://www.w3.org/TR/2004/NOTE-ws-arch-20040211/.
WS-BPEL (2007). Web services business process execution language version 2.0. OASIS Standard. http://docs.oasis-open.org/wsbpel/2.0/OS/wsbpel-v2.0-OS.html.
WS-CDL (2005). Web services choreography description language version 1.0. W3C Candidate Recommendation. http://www.w3.org/TR/2005/CR-ws-cdl-10-20051109/.
WS-FEDERATION (2006). Web services federation language (ws-federation) version 1.1. [link].
WS-METADATAEXCHANGE (2006). Web services metadata exchange (wsmetadataexchange) version 1.1. http://www.w3.org/TR/2006/REC-ws-addr-core-20060509.
WS-POLICY (2007). Web services policy 1.5 - framework. W3C Recommendation. http://www.w3.org/TR/2007/REC-ws-policy-20070904/.
WS-POLICYATTACHMENT (2007). Web services policy 1.5 - attachment. W3C Recommendation. http://www.w3.org/TR/2007/REC-ws-policy-attach-20070904/.
WS-SECURECONVERSATION (2007). Ws-secureconversation 1.3. OASIS Standard. [link].
WS-SECURITY (2006). Web services security: Soap message security 1.1. OASIS Standard Specification. [link].
WS-SECURITYPOLICY (2007). Ws-securitypolicy 1.2. OASIS Standard. [link].
WS-TRUST (2007). Ws-trust 1.3. OASIS Standard. http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.pdf.
XPATH (1999). Xml path language (xpath) version 1.0. W3C Recommendation. http://www.w3.org/TR/1999/REC-xpath-19991116.
ZHU, J., ZHOU, Y., e TONG, W. (2006). Access control on the composition of web services. In NWESP ’06: Proc. of the International Conference on Next Generation Web Services Practices, pages 89–93,Washington, DC, USA. IEEE Computer Society
Publicado
01/09/2008
Como Citar
BÖGER, Davi da Silva; WANGHAM, Michelle S.; FRAGA, Joni; MAFRA, Paulo.
Um Modelo de Composição de Políticas de Qualidade de Proteção para Serviços Web Compostos. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 8. , 2008, Gramado.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2008
.
p. 201-214.
DOI: https://doi.org/10.5753/sbseg.2008.20898.
