A SECURITY ARCHITECTURE FOR INTER-ORGANIZATIONAL WORKFLOWS - Putting Security Standards for Web Services together

Michael Hafner, Ruth Breu, Michael Breu

Abstract

Modern eBusiness processes span a set of public authorities and private corporations. Those processes require high security principles, rooted in open standards. The SECTINO project follows the paradigm of model-driven security architecture: high-level, business-oriented security requirements for inter-organizational workflows are translated into a configuration for a standards-based target architecture. The target architecture encapsulates a set of core web services, links them via a workflow engine, and guards them by imposing specified security policies.



Paper Citation


in Harvard Style

Hafner M., Breu R. and Breu M. (2005). A SECURITY ARCHITECTURE FOR INTER-ORGANIZATIONAL WORKFLOWS - Putting Security Standards for Web Services together. In Proceedings of the Seventh International Conference on Enterprise Information Systems - Volume 3: ICEIS, ISBN 972-8865-19-8, pages 128-135. DOI: 10.5220/0002514401280135


in Bibtex Style

@conference{iceis05,
author={Michael Hafner and Ruth Breu and Michael Breu},
title={A SECURITY ARCHITECTURE FOR INTER-ORGANIZATIONAL WORKFLOWS - Putting Security Standards for Web Services together},
booktitle={Proceedings of the Seventh International Conference on Enterprise Information Systems - Volume 3: ICEIS},
year={2005},
pages={128-135},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002514401280135},
isbn={972-8865-19-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Seventh International Conference on Enterprise Information Systems - Volume 3: ICEIS
TI - A SECURITY ARCHITECTURE FOR INTER-ORGANIZATIONAL WORKFLOWS - Putting Security Standards for Web Services together
SN - 972-8865-19-8
AU - Hafner M.
AU - Breu R.
AU - Breu M.
PY - 2005
SP - 128
EP - 135
DO - 10.5220/0002514401280135