F. Lins, J. Damasceno, Bruno Silva, Robson W. A. Medeiros, Andre R. R. Souza, Fabricio Teles, David Aragão, E. Sousa, N. Rosa, Bryan Stephenson, H. M. Nezhad, Jun Yu Li
{"title":"Towards an approach to design and enforce security in web service composition","authors":"F. Lins, J. Damasceno, Bruno Silva, Robson W. A. Medeiros, Andre R. R. Souza, Fabricio Teles, David Aragão, E. Sousa, N. Rosa, Bryan Stephenson, H. M. Nezhad, Jun Yu Li","doi":"10.1504/IJWET.2012.050966","DOIUrl":null,"url":null,"abstract":"Modelling and enforcing security requirements is an important but challenging task in web service composition. However, the explicit treatment of security requirements is challenging for many reasons: diversity of security background of involved stakeholders, absence or complexity of notations to express security requirements, complexity of mapping security requirements into security mechanisms and enforcing them at runtime. Existing work often delays considering the security requirements until the implementation and execution. We present an approach to design and enforce security in web service composition. By adopting the proposed approach, security requirements are incorporated during the business process definition and service composition code generation, and enforced at runtime. The proposed approach is supported by a set of tools that allows annotating business processes with security requirements, refining the security annotated business process and enforcing security annotations at execution time. We showcase an illustrative application to demonstrate the proposed approach and developed tools.","PeriodicalId":396746,"journal":{"name":"Int. J. Web Eng. Technol.","volume":"45 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Int. J. Web Eng. Technol.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1504/IJWET.2012.050966","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Modelling and enforcing security requirements is an important but challenging task in web service composition. However, the explicit treatment of security requirements is challenging for many reasons: diversity of security background of involved stakeholders, absence or complexity of notations to express security requirements, complexity of mapping security requirements into security mechanisms and enforcing them at runtime. Existing work often delays considering the security requirements until the implementation and execution. We present an approach to design and enforce security in web service composition. By adopting the proposed approach, security requirements are incorporated during the business process definition and service composition code generation, and enforced at runtime. The proposed approach is supported by a set of tools that allows annotating business processes with security requirements, refining the security annotated business process and enforcing security annotations at execution time. We showcase an illustrative application to demonstrate the proposed approach and developed tools.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
