Abstracting and Enforcing Web Service Protocols

Web services are emerging as a promising technology for the automation of inter-organizational interactions. As technology matures and the foundations of Web services become more solid, users will start to demand tools that facilitate the service development lifecycle. It is only when such tools become available that novel technologies become applied and enter the mainstream, since the complexity, cost and time necessary to deploy and manage solutions is dramatically reduced. In this paper, we present a framework and a tool that support the model-driven development of Web services. The idea consists in identifying key Web services abstractions, in addition to those of basic Web services standards, that enable the description of service policies and properties that are useful in practice. In this paper, we focus on service protocols, and specifically on conversation and trust negotiation protocols. These protocols are modeled by means of graphical tools and high-level languages so that they are easy to specify, understand, and evolve. The tools also support the automatic generation of service implementation skeletons based on these abstractions, manage the entire service lifecycle, and provide run-time support to verify that the interaction among clients and services occur in compliance with the specified policies.

[1]  Sushil Jajodia,et al.  Provisions and Obligations in Policy Management and Security Applications , 2002, VLDB.

[2]  Fabio Casati,et al.  Workflow Evolution , 1996, ER.

[3]  Luigi Lavazza,et al.  Deriving executable process descriptions from UML , 2002, ICSE '02.

[4]  Joan Feigenbaum,et al.  Decentralized trust management , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[5]  Fabio Casati,et al.  Conceptual Modeling of Web Service Conversations , 2003, CAiSE.

[6]  Ninghui Li,et al.  Design of a role-based trust-management framework , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[7]  Elisa Bertino,et al.  On specifying security policies for web documents with an XML-based language , 2001, SACMAT '01.

[8]  Amnon Naamad,et al.  The STATEMATE semantics of statecharts , 1996, TSEM.

[9]  Fabio Casati,et al.  Model-Driven Trust Negotiation for Web Services , 2003, IEEE Internet Comput..

[10]  Jianwen Su,et al.  E-services: a look behind the curtain , 2003, PODS.

[11]  Santhosh Kumaran,et al.  A model-driven transformation method , 2003, Seventh IEEE International Enterprise Distributed Object Computing Conference, 2003. Proceedings..

[12]  Mike P. Papazoglou,et al.  Introduction: Service-oriented computing , 2003, CACM.

[13]  Diego Calvanese,et al.  Automatic Composition of E-services That Export Their Behavior , 2003, ICSOC.

[14]  Quan Z. Sheng,et al.  SELF-SERV: A Platform for Rapid Composition of Web Services in a Peer-to-Peer Environment , 2002, VLDB.

[15]  Krishnamurthy Srinivasan,et al.  E-Business Process Modeling: The Next Big Step , 2002, Computer.

[16]  Xiang Fu,et al.  Conversation specification: a new approach to design and analysis of e-service composition , 2003, WWW '03.

[17]  Marianne Winslett,et al.  Negotiating Trust on the Web , 2002, IEEE Internet Comput..

[18]  Fabio Casati,et al.  Model-Driven Web Service Development , 2004, CAiSE.

[19]  Quan Z. Sheng,et al.  The Self-Serv Environment for Web Services Composition , 2003, IEEE Internet Comput..

[20]  Gustavo Alonso,et al.  Atomicity and isolation for transactional processes , 2002, TODS.

[21]  Amir Herzberg,et al.  Access control meets public key infrastructure, or: assigning roles to strangers , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[22]  Pierangela Samarati,et al.  A Uniform Framework for Regulating Service Access and Information Release on the Web , 2002, J. Comput. Secur..

[23]  Lidia Fuentes,et al.  Adding Roles to CORBA Objects , 2003, IEEE Trans. Software Eng..

[24]  Fabio Casati,et al.  Trust-serv: model-driven lifecycle management of trust negotiation policies for web services , 2004, WWW '04.

[25]  Ramaswamy Chandramouli,et al.  The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..

[26]  Marianne Winslett,et al.  Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation , 2003, TSEC.

[27]  Panos K. Chrysanthis,et al.  Database schema evolution using EVER diagrams , 1994, AVI '94.

[28]  Fabio Casati,et al.  Web service conversation modeling: a cornerstone for e-business automation , 2004, IEEE Internet Computing.

[29]  Sanjiva Weerawarana,et al.  Unraveling the Web services web: an introduction to SOAP, WSDL, and UDDI , 2002, IEEE Internet Computing.

[30]  Elisa Bertino,et al.  /spl Xscr/-TNL: an XML-based language for trust negotiations , 2003, Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks.