Verification of access control requirements in web services choreography

Federica Paci, Mourad Ouzzani, Massimo Mecella

Research output: Chapter in Book/Report/Conference proceedingConference contribution

20 Citations (Scopus)

Abstract

Web services choreography is used to design peer-to-peer applications where each peer is potentially a Web service. It defines the required behavior of participating Web services along with their interactions through message exchanges. Implementing a complex system described by a choreography requires selecting actual Web services whose individual behaviors are compatible with the overall behavior described by the choreography. Although the selected Web services implement the specified behavior, they may not be able to interact due to the policies they enforce to protect their resources. A Web service'resource can be an operation or a credential type to be submitted to be able to invoke an operation. In this paper, we propose a novel approach to determine at design time whether a choreography can be implemented by a set of Web services based on their access control policies and the disclosure policies regulating the release of their credentials. We model both Web services and Web services choreography as transition systems and represent Web services credential disclosure policies as directed graphs. We then verify that all possible conversations of the Web services choreography can be implemented by matching credential disclosure policies of the invoker Web service with the access control policy of the Web services being invoked. We propose a resource release graph to enable this verification.

Original languageEnglish
Title of host publicationProceedings - 2008 IEEE International Conference on Services Computing, SCC 2008
Pages5-12
Number of pages8
Volume1
DOIs
Publication statusPublished - 19 Sep 2008
Externally publishedYes
Event2008 IEEE International Conference on Services Computing, SCC 2008 - Honolulu, HI, United States
Duration: 7 Jul 200811 Jul 2008

Other

Other2008 IEEE International Conference on Services Computing, SCC 2008
CountryUnited States
CityHonolulu, HI
Period7/7/0811/7/08

Fingerprint

Access control
Web services
Directed graphs
Large scale systems

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Hardware and Architecture

Cite this

Paci, F., Ouzzani, M., & Mecella, M. (2008). Verification of access control requirements in web services choreography. In Proceedings - 2008 IEEE International Conference on Services Computing, SCC 2008 (Vol. 1, pp. 5-12). [4578443] https://doi.org/10.1109/SCC.2008.116

Verification of access control requirements in web services choreography. / Paci, Federica; Ouzzani, Mourad; Mecella, Massimo.

Proceedings - 2008 IEEE International Conference on Services Computing, SCC 2008. Vol. 1 2008. p. 5-12 4578443.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Paci, F, Ouzzani, M & Mecella, M 2008, Verification of access control requirements in web services choreography. in Proceedings - 2008 IEEE International Conference on Services Computing, SCC 2008. vol. 1, 4578443, pp. 5-12, 2008 IEEE International Conference on Services Computing, SCC 2008, Honolulu, HI, United States, 7/7/08. https://doi.org/10.1109/SCC.2008.116
Paci F, Ouzzani M, Mecella M. Verification of access control requirements in web services choreography. In Proceedings - 2008 IEEE International Conference on Services Computing, SCC 2008. Vol. 1. 2008. p. 5-12. 4578443 https://doi.org/10.1109/SCC.2008.116
Paci, Federica ; Ouzzani, Mourad ; Mecella, Massimo. / Verification of access control requirements in web services choreography. Proceedings - 2008 IEEE International Conference on Services Computing, SCC 2008. Vol. 1 2008. pp. 5-12
@inproceedings{8c4c63a86acd40ba9f8bd7797c4528cd,
title = "Verification of access control requirements in web services choreography",
abstract = "Web services choreography is used to design peer-to-peer applications where each peer is potentially a Web service. It defines the required behavior of participating Web services along with their interactions through message exchanges. Implementing a complex system described by a choreography requires selecting actual Web services whose individual behaviors are compatible with the overall behavior described by the choreography. Although the selected Web services implement the specified behavior, they may not be able to interact due to the policies they enforce to protect their resources. A Web service'resource can be an operation or a credential type to be submitted to be able to invoke an operation. In this paper, we propose a novel approach to determine at design time whether a choreography can be implemented by a set of Web services based on their access control policies and the disclosure policies regulating the release of their credentials. We model both Web services and Web services choreography as transition systems and represent Web services credential disclosure policies as directed graphs. We then verify that all possible conversations of the Web services choreography can be implemented by matching credential disclosure policies of the invoker Web service with the access control policy of the Web services being invoked. We propose a resource release graph to enable this verification.",
author = "Federica Paci and Mourad Ouzzani and Massimo Mecella",
year = "2008",
month = "9",
day = "19",
doi = "10.1109/SCC.2008.116",
language = "English",
isbn = "9780769532837",
volume = "1",
pages = "5--12",
booktitle = "Proceedings - 2008 IEEE International Conference on Services Computing, SCC 2008",

}

TY - GEN

T1 - Verification of access control requirements in web services choreography

AU - Paci, Federica

AU - Ouzzani, Mourad

AU - Mecella, Massimo

PY - 2008/9/19

Y1 - 2008/9/19

N2 - Web services choreography is used to design peer-to-peer applications where each peer is potentially a Web service. It defines the required behavior of participating Web services along with their interactions through message exchanges. Implementing a complex system described by a choreography requires selecting actual Web services whose individual behaviors are compatible with the overall behavior described by the choreography. Although the selected Web services implement the specified behavior, they may not be able to interact due to the policies they enforce to protect their resources. A Web service'resource can be an operation or a credential type to be submitted to be able to invoke an operation. In this paper, we propose a novel approach to determine at design time whether a choreography can be implemented by a set of Web services based on their access control policies and the disclosure policies regulating the release of their credentials. We model both Web services and Web services choreography as transition systems and represent Web services credential disclosure policies as directed graphs. We then verify that all possible conversations of the Web services choreography can be implemented by matching credential disclosure policies of the invoker Web service with the access control policy of the Web services being invoked. We propose a resource release graph to enable this verification.

AB - Web services choreography is used to design peer-to-peer applications where each peer is potentially a Web service. It defines the required behavior of participating Web services along with their interactions through message exchanges. Implementing a complex system described by a choreography requires selecting actual Web services whose individual behaviors are compatible with the overall behavior described by the choreography. Although the selected Web services implement the specified behavior, they may not be able to interact due to the policies they enforce to protect their resources. A Web service'resource can be an operation or a credential type to be submitted to be able to invoke an operation. In this paper, we propose a novel approach to determine at design time whether a choreography can be implemented by a set of Web services based on their access control policies and the disclosure policies regulating the release of their credentials. We model both Web services and Web services choreography as transition systems and represent Web services credential disclosure policies as directed graphs. We then verify that all possible conversations of the Web services choreography can be implemented by matching credential disclosure policies of the invoker Web service with the access control policy of the Web services being invoked. We propose a resource release graph to enable this verification.

UR - http://www.scopus.com/inward/record.url?scp=51749118702&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=51749118702&partnerID=8YFLogxK

U2 - 10.1109/SCC.2008.116

DO - 10.1109/SCC.2008.116

M3 - Conference contribution

SN - 9780769532837

VL - 1

SP - 5

EP - 12

BT - Proceedings - 2008 IEEE International Conference on Services Computing, SCC 2008

ER -