Privacy Against the Business Partner: Issues for Realizing End-to-End Confidentiality in Web Service Compositions

For service-oriented business processes, an important security requirement is confidentiality of transmitted data. Here, existing Web Services security standards provide suitable solutions for single invocations, but fail to cover service composition scenarios properly, especially for securing business process data against partners. In this paper, we investigate the issues regarding the realization of process level confidentiality in WS-BPEL-based Web Service compositions.
