Realizing Model Driven Security for Inter-organizational Workflows with WS-CDL and UML 2.0

Bringing Web Services, Security and UML Together

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 3713)

Abstract

The growing popularity of standards related to Web services, Web services security and workflows has boosted the implementation of powerful infrastructures supporting interoperability for inter-organizational workflows. Nevertheless, the realization of such workflows is a very complex task, in many aspects still bound to low-level technical knowledge and error-prone. We provide a framework for the realization and the management of security-critical workflows based on the paradigm of Model Driven Security. The framework complies with a hierarchical stack of Web services specifications and related technologies. In this paper, we introduce a UML-based approach for the modeling of security-critical inter-organizational workflows and map it to the Web Services Choreography Description Language. Our approach is based on a set of security patterns, which are integrated into UML class and activity diagrams. A tool translates the models into executable artifacts configuring a reference architecture based on Web services.

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hafner, M., Breu, R. (2005). Realizing Model Driven Security for Inter-organizational Workflows with WS-CDL and UML 2.0. In: Briand, L., Williams, C. (eds) Model Driven Engineering Languages and Systems. MODELS 2005. Lecture Notes in Computer Science, vol 3713. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11557432_4

  • DOI: https://doi.org/10.1007/11557432_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-29010-0

  • Online ISBN: 978-3-540-32057-9

  • eBook Packages: Computer Science, Computer Science (R0)