Abstract
Scientific experiments often involve the use of shared resources across organizational boundaries in distributed collaborative environments. Such experiments are more often than not enabled through web services. A plethora of research has been undertaken to protect individual web services. This includes centralized security models, in which the main focus is on centralized Virtual Organization (VO)-specific attribute authorities, e.g. VOMS, which collaborating service providers can use to make authorization decisions, and decentralized security models, in which each service provider is itself responsible for assigning roles/privileges to the different members of the collaborative environment. Workflows themselves can be orchestrated using centralized or decentralized orchestration models. In this research work we have identified a number of architectural design patterns for security-enabled workflow execution. These patterns are based on the different workflow execution and security models. The key issues in such patterns, as well as a rationale for the choice among them, are provided. An overview of a security-oriented workflow framework that can tackle some of the issues identified in these patterns is also provided.
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Hussain, S., Sinnott, R.O., Poet, R. (2016). Architectural Patterns for Security-Oriented Workflows in Collaborative Environments. In: Wang, G., Ray, I., Alcaraz Calero, J., Thampi, S. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2016. Lecture Notes in Computer Science, vol 10066. Springer, Cham. https://doi.org/10.1007/978-3-319-49148-6_34
DOI: https://doi.org/10.1007/978-3-319-49148-6_34
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49147-9
Online ISBN: 978-3-319-49148-6
eBook Packages: Computer Science, Computer Science (R0)