Web services choreography is used to design peer-to-peer applications where each peer is potentially a Web service. It defines the required behavior of participating Web services along with their interactions through message exchanges. Implementing a complex system described by a choreography requires selecting actual Web services whose individual behaviors are compatible with the overall behavior described by the choreography. Although the selected Web services implement the specified behavior, they may not be able to interact due to the policies they enforce to protect their resources. A Web service'resource can be an operation or a credential type to be submitted to be able to invoke an operation. In this paper, we propose a novel approach to determine at design time whether a choreography can be implemented by a set of Web services based on their access control policies and the disclosure policies regulating the release of their credentials. We model both Web services and Web services choreography as transition systems and represent Web services credential disclosure policies as directed graphs. We then verify that all possible conversations of the Web services choreography can be implemented by matching credential disclosure policies of the invoker Web service with the access control policy of the Web services being invoked. We propose a resource release graph to enable this verification. © 2008 IEEE.
Verification of access control requirements in web services choreography / Federica, Paci; Mourad, Ouzzani; Mecella, Massimo. - 1:(2008), pp. 5-12. (Intervento presentato al convegno 2008 IEEE International Conference on Services Computing, SCC 2008 tenutosi a Honolulu, HI nel 7 July 2008 through 11 July 2008) [10.1109/scc.2008.116].
Verification of access control requirements in web services choreography
MECELLA, Massimo
2008
Abstract
Web services choreography is used to design peer-to-peer applications where each peer is potentially a Web service. It defines the required behavior of participating Web services along with their interactions through message exchanges. Implementing a complex system described by a choreography requires selecting actual Web services whose individual behaviors are compatible with the overall behavior described by the choreography. Although the selected Web services implement the specified behavior, they may not be able to interact due to the policies they enforce to protect their resources. A Web service'resource can be an operation or a credential type to be submitted to be able to invoke an operation. In this paper, we propose a novel approach to determine at design time whether a choreography can be implemented by a set of Web services based on their access control policies and the disclosure policies regulating the release of their credentials. We model both Web services and Web services choreography as transition systems and represent Web services credential disclosure policies as directed graphs. We then verify that all possible conversations of the Web services choreography can be implemented by matching credential disclosure policies of the invoker Web service with the access control policy of the Web services being invoked. We propose a resource release graph to enable this verification. © 2008 IEEE.| File | Dimensione | Formato | |
|---|---|---|---|
|
VE_2008_11573-56346.pdf
solo gestori archivio
Tipologia:
Versione editoriale (versione pubblicata con il layout dell'editore)
Licenza:
Tutti i diritti riservati (All rights reserved)
Dimensione
283.9 kB
Formato
Adobe PDF
|
283.9 kB | Adobe PDF | Contatta l'autore |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
