Sound development of secure service-based systems
Proceedings of the 2nd international conference on Service oriented computing
Specification and querying of security constraints in the EFSOC framework
Proceedings of the 2nd international conference on Service oriented computing
EFSOC: A Layered Framework for Developing Secure Interactions between Web-Services
Distributed and Parallel Databases
| Hi-index | 0.00 |
Service Oriented Computing (SOC) demands an infrastructurethat seamlessly integrates all connection points betweenbusiness processes, services and associated supportresources. Parts of the infrastructure may be supported byexisting standards such as XACML and BPEL. However, anintegral and sound framework that takes into account allthese issues and serves as the formal underpinning of thisinfrastructure is currently lacking. A multi-facetted frameworkto enforce minimal levels of security not only at thelevel of the network (e.g., using encryption), but also ofbusiness processes, is of paramount importance.To address this challenge, we explore an Event-drivenFramework for Service Oriented Computing (EFSOC) thatis organized in four tiers: the event tier, the business processtier, the resource tier, and the access control tier. The eventtier encompasses de.nitions of business-related events, andsupports their propagation throughout the business processflow. The business process tier specifies the dynamic interactionsbetween business processes and services. The resourcetier describes how service invocations interact withorganizational resources, while the access control tier defines access roles that are allowed to invoke certain services.