
BPEL4RBAC: An Authorisation Specification for WS-BPEL

  • Conference paper
Web Information Systems Engineering - WISE 2008 (WISE 2008)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 5175)


Abstract

Business process management is designed to make business activities and trade easier and more cost effective. Increasing business integration and legal requirements raise the need for secure business processes. However, the open and distributed nature of inter-organisational business processes may result in more security breaches. Although it is a widely accepted standard, WS-BPEL does not support business process security protection, even if the participating organisations already have working security policies. To address this problem, we have developed BPEL4RBAC, an authorisation specification for WS-BPEL. Through the BPEL4RBAC access control model, together with an extension for WS-BPEL called the BPEL4RBAC policy language, secure WS-BPEL becomes achievable. The former introduces access control capability into the business process environment, while the latter is used to represent the authorisation information in WS-BPEL.



Editor information

James Bailey, David Maier, Klaus-Dieter Schewe, Bernhard Thalheim, Xiaoyang Sean Wang

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wang, X., Zhang, Y., Shi, H., Yang, J. (2008). BPEL4RBAC: An Authorisation Specification for WS-BPEL. In: Bailey, J., Maier, D., Schewe, KD., Thalheim, B., Wang, X.S. (eds) Web Information Systems Engineering - WISE 2008. WISE 2008. Lecture Notes in Computer Science, vol 5175. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85481-4_29


  • DOI: https://doi.org/10.1007/978-3-540-85481-4_29

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-85480-7

  • Online ISBN: 978-3-540-85481-4

  • eBook Packages: Computer Science, Computer Science (R0)
