Abstract
Business process management is designed to make business activities and trade easier and more cost-effective. Increasing business integration and legal requirements raise the need for secure business processes. However, the open and distributed nature of inter-organisational business processes may result in more security breaches. Although WS-BPEL is a widely accepted standard, it does not support business process security protection, even when the participating organisations already have working security policies. To address this problem, we have developed BPEL4RBAC, an authorisation specification for WS-BPEL. Secure WS-BPEL becomes achievable through the BPEL4RBAC access control model together with an extension for WS-BPEL called the BPEL4RBAC policy language. The former introduces access control capability into the business process environment, while the latter is used to represent authorisation information in WS-BPEL.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wang, X., Zhang, Y., Shi, H., Yang, J. (2008). BPEL4RBAC: An Authorisation Specification for WS-BPEL. In: Bailey, J., Maier, D., Schewe, KD., Thalheim, B., Wang, X.S. (eds) Web Information Systems Engineering - WISE 2008. WISE 2008. Lecture Notes in Computer Science, vol 5175. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85481-4_29
DOI: https://doi.org/10.1007/978-3-540-85481-4_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-85480-7
Online ISBN: 978-3-540-85481-4
eBook Packages: Computer Science, Computer Science (R0)