BPEL4PEOPLE Anti-Patterns: Discovering Authorization Constraint Anti-Patterns in Web Services
Resumo
Despite the abundance of analysis techniques to discover antipatterns in BPEL, there is hardly any support for authorization constraint errors in web services orchestrated by BPEL4People. Most techniques simply abstract from people (human user interactions), while people dependencies can be the source of all kinds of errors. This paper focuses on the discovery authorization constraint anti-patterns in web services orchestrated by BPEL4People. We present an analysis approach that is expressed in terms of rule card, the wellknown, stable, adaptable, and effective model-checking techniques can be used to discover authorization constraint errors. Moreover, our approach enables a seamless integration of control-flow and authorization constraint verification.
Referências
(2006). Verifying BPEL Workflows Under Authorisation Constraints, volume 4102 of Lecture Notes in Computer Science. Springer.
Bertino, E., Crampton, J., and Paci, F. (2006). Access control and authorization constraints for ws-bpel. In Web Services, 2006. ICWS ’06. International Conference on, pages 275–284.
Bianculli, D., Ghezzi, C., and Spoletini, P. (2007). A model checking approach to verify bpel4ws workflows. In Service-Oriented Computing and Applications, 2007. SOCA ’07. IEEE International Conference on, pages 13–20.
Dumas, M., van der Aalst, W. M., and ter Hofstede, A. H. (2005). Process-aware Information Systems: Bridging People and Software Through Process Technology. John Wiley & Sons, Inc., New York, NY, USA.
H.J.A Holanda, J. Merseguer, G. C. and Serra, A. B. (2010). Performance evaluation of web services orchestrated with ws-bpel4people. In International Journal of Computer Networks & Communications, volume 2, pages 117–134. AIRCC Publishing Corporation.
Holmes, T., Vasko, M., and Dustdar, S. (2008). Viebop: Extending bpel engines with bpel4people. In PDP, pages 547–555. IEEE Computer Society.
Ings, D., Clément, L., König, D., Mehta, V., Mueller, R., Rangaswamy, R., Rowley, M., and Trickovic, I. (2012). Web services human task (ws-humantask) specification version 1.1. OASIS Committee Specification Draft 12 / Public Review Draft 05.
Moha, N., Palma, F., Nayrolles, M., Conseil, B., Guéhéneuc, Y.-G., Baudry, B., and Jézéquel, J.-M. (2012). Specification and Detection of SOA Antipatterns. In Liu, C., Ludwig, H., Toumani, F., and Yu, Q., editors, Service-Oriented Computing, volume 7636 of Lecture Notes in Computer Science, pages 1–16. Springer Berlin Heidelberg.
Palma, F., Dubois, J., Moha, N., and Guéhéneuc, Y. (2014a). Detection of REST patterns and antipatterns: A heuristics-based approach. In Service-Oriented Computing - 12th International Conference, ICSOC 2014, Paris, France, November 3-6, 2014. Proceedings, volume 8831 of Lecture Notes in Computer Science, pages 230–244. Springer.
Palma, F., Moha, N., and Gueheneuc, Y.-G. (2013). Detection of process antipatterns: A bpel perspective. In Enterprise Distributed Object Computing Conference Workshops (EDOCW), 2013 17th IEEE International, pages 173–177.
Palma, F., Moha, N., Tremblay, G., and Guéhéneuc, Y. (2014b). Specification and detection of SOA antipatterns in web services. In Software Architecture - 8th European Conference, ECSA 2014, Vienna, Austria, August 25-29, 2014. Proceedings, pages 58–73.
Sinnig, D., Gaffar, A., Reichart, D., Forbrig, P., and Seffah, A. (2005). Patterns in model-based engineering. In Jacob, R., Limbourg, Q., and Vanderdonckt, J., editors, Computer-Aided Design of User Interfaces IV, pages 197–210. Springer Netherlands.
Smith, C. U. and Williams, L. G. (2000). Software performance antipatterns. In Proceedings of the 2Nd International Workshop on Software and Performance, WOSP ’00, pages 127–136, New York, NY, USA. ACM.
Smith, C. U. and Williams, L. G. (2003). More new software antipatterns: Even more ways to shoot yourself in the foot. In 29th International Computer Measurement Group Conference, December 7-12, 2003, Dallas, Texas, USA, Proceedings, pages 717–725. Computer Measurement Group.
Bertino, E., Crampton, J., and Paci, F. (2006). Access control and authorization constraints for ws-bpel. In Web Services, 2006. ICWS ’06. International Conference on, pages 275–284.
Bianculli, D., Ghezzi, C., and Spoletini, P. (2007). A model checking approach to verify bpel4ws workflows. In Service-Oriented Computing and Applications, 2007. SOCA ’07. IEEE International Conference on, pages 13–20.
Dumas, M., van der Aalst, W. M., and ter Hofstede, A. H. (2005). Process-aware Information Systems: Bridging People and Software Through Process Technology. John Wiley & Sons, Inc., New York, NY, USA.
H.J.A Holanda, J. Merseguer, G. C. and Serra, A. B. (2010). Performance evaluation of web services orchestrated with ws-bpel4people. In International Journal of Computer Networks & Communications, volume 2, pages 117–134. AIRCC Publishing Corporation.
Holmes, T., Vasko, M., and Dustdar, S. (2008). Viebop: Extending bpel engines with bpel4people. In PDP, pages 547–555. IEEE Computer Society.
Ings, D., Clément, L., König, D., Mehta, V., Mueller, R., Rangaswamy, R., Rowley, M., and Trickovic, I. (2012). Web services human task (ws-humantask) specification version 1.1. OASIS Committee Specification Draft 12 / Public Review Draft 05.
Moha, N., Palma, F., Nayrolles, M., Conseil, B., Guéhéneuc, Y.-G., Baudry, B., and Jézéquel, J.-M. (2012). Specification and Detection of SOA Antipatterns. In Liu, C., Ludwig, H., Toumani, F., and Yu, Q., editors, Service-Oriented Computing, volume 7636 of Lecture Notes in Computer Science, pages 1–16. Springer Berlin Heidelberg.
Palma, F., Dubois, J., Moha, N., and Guéhéneuc, Y. (2014a). Detection of REST patterns and antipatterns: A heuristics-based approach. In Service-Oriented Computing - 12th International Conference, ICSOC 2014, Paris, France, November 3-6, 2014. Proceedings, volume 8831 of Lecture Notes in Computer Science, pages 230–244. Springer.
Palma, F., Moha, N., and Gueheneuc, Y.-G. (2013). Detection of process antipatterns: A bpel perspective. In Enterprise Distributed Object Computing Conference Workshops (EDOCW), 2013 17th IEEE International, pages 173–177.
Palma, F., Moha, N., Tremblay, G., and Guéhéneuc, Y. (2014b). Specification and detection of SOA antipatterns in web services. In Software Architecture - 8th European Conference, ECSA 2014, Vienna, Austria, August 25-29, 2014. Proceedings, pages 58–73.
Sinnig, D., Gaffar, A., Reichart, D., Forbrig, P., and Seffah, A. (2005). Patterns in model-based engineering. In Jacob, R., Limbourg, Q., and Vanderdonckt, J., editors, Computer-Aided Design of User Interfaces IV, pages 197–210. Springer Netherlands.
Smith, C. U. and Williams, L. G. (2000). Software performance antipatterns. In Proceedings of the 2Nd International Workshop on Software and Performance, WOSP ’00, pages 127–136, New York, NY, USA. ACM.
Smith, C. U. and Williams, L. G. (2003). More new software antipatterns: Even more ways to shoot yourself in the foot. In 29th International Computer Measurement Group Conference, December 7-12, 2003, Dallas, Texas, USA, Proceedings, pages 717–725. Computer Measurement Group.
Publicado
22/07/2018
Como Citar
HOLANDA, Henrique J. A.; MARQUES, Carla K. de M.; PINTO, Francisca Aparecida P.; GUÉHÉNEUC, Yann-Gaël.
BPEL4PEOPLE Anti-Patterns: Discovering Authorization Constraint Anti-Patterns in Web Services. In: WORKSHOP SOBRE ASPECTOS SOCIAIS, HUMANOS E ECONÔMICOS DE SOFTWARE (WASHES), 3. , 2018, Natal.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2018
.
p. 41-50.
ISSN 2763-874X.
DOI: https://doi.org/10.5753/washes.2018.3474.
