Checking Compatibility and Replaceability in Web Services Business Protocols with Access Control

Recently, most enterprises have adopted Web services technologies for designing and building complex inter-enterprise business applications. These applications are built by coordinating a set of Web services. Checking the compatibility between two services, to guarantee that they can interact correctly, is therefore an important issue. When a service is updated or replaced, replaceability must also be checked to ensure that the new service is compatible with all the services that were compatible with the replaced one. Both types of checking are based on the service descriptions. Enriching service descriptions by including the services' behaviour is becoming more and more important. This behaviour can be described by business protocols representing the possible sequences of message exchanges. Since many Web services use access control policies to restrict access to authorized consumers, these policies should be part of the service description. The main contribution of this work is checking compatibility and replaceability between Web services by analyzing their business protocols after the access control policies have been assigned. Access control policies are presented using an ontology.
