Abstract
Service Oriented Architecture (SOA) is considered to be an important enabler of Internet of Services. By adopting SOA in development, business services can be offered, mediated, and traded as web services, so as to support agile and dynamic business collaborations on the Internet. Business collaboration is often implemented as cross-enterprise processes and involves more than one business entity which agrees to join the collaboration. To enable trustworthy and secure provision of services and service composition across enterprise boundaries, trust between business participants must be established, that is, user identities and access rights must be federated, to support business functions defined in the business processes. This paper proposes an approach which derives trust federation from formally described business process models, such as BPMN and WS-CDL processes, to automate security configuration of business collaborations. The result of the derivation is trust policies which identify trust relationships between business participants and can be enforced in enterprises’ service runtimes with support of a policy deployment infrastructure.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Alves, A., Arkin, A., Askary, S., Barreto, Ch., Bloch, B., Curbera, Fr. et al. (2007). Web services business process execution language version 2.0. OASIS Standard. Retrieved 19 March 2009 from http://docs.oasis-open.org/wsbpel/2.0/OS/wsbpel-v2.0-OS.html.
Amazon (2009). Amazon elastic compute cloud. Retrieved 19 March 2009 from http://aws.amazon.com/ec2/.
Bajaj, S., Della-Libera, G., Dixon, B., Dusche, M., Hondo, M., Hur, M., et al. (2003). Web services federation language (WS-Federation) version 1.0. Retrieved 19 March 2009 from http://msdn2.microsoft.com/en-us/library/ms951236.aspx.
Bajaj, S., Box, D., Chappell, D., Curbera, Fr., Daniels, G., Hallam-Baker, Ph. et al. (2006a). Web services policy 1.2—framework (WS-Policy). W3C Member Submission. Retrieved 19 March 2009 from http://www.w3.org/Submission/WS-Policy.
Bajaj, S., Box, D., Chappell, D., Curbera, Fr., Daniels, G., Hallam-Baker, Ph., et al. (2006b). Web services policy 1.2—attachment (WS-PolicyAttachment). W3C Member Submission. Retrieved 19 March 2009 from http://www.w3.org/Submission/WS-PolicyAttachment/.
Barros, A., Dumas, M., & Oaks, P. (2005). A critical overview of the web services choreography description language (WSCDL). BPTrends Newsletter, March 2005.
Becker, J., Kugeler, M., & Rosemann, M. (Ed.) (2003). Process management a guide for the design of business processes. Springer-Verlag.
Clement, L., Hately, Q., Riegen, K., & Rogers, T. (Ed.) (2004). UDDI version 3.0.2. UDDI Spec Technical Committee Draft. Retrieved 19 March 2009 from http://www.uddi.org/pubs/uddi_v3.htm.
Felkenr, A., & Kruk, T. (2007). Modeling trust management and security of information. ISSE/SECURE 2007 Securing Electronic Business Processes. Vieweg.
Fielding, T., & Taylor, N. (2002). Principled design of the modern web architecture. ACM Transactions on Internet Technology (TOIT). 115–150. Association for Computing Machinery.
Godik, O. S., & Moses, T. (Ed.) (2003). OASIS standard security assertion markup language (SAML) v1.1. Retrieved 19 March 2009 from http://www.oasis-open.org/specs/index.php#wssv1.0.
Google (2009). Google Apps. Retrieved 19 March 2009 from http://appengine.google.com/.
Heuser, L., Alsdorf, C., & Woods, D. (2008). International research forum 2007 (pp. 100–101). New York: Evolved Technologist Press.
Hirao, J., Choi, M., Cox, P., Passer, S., & Wun-Young, L. (Ed.) (2008). SAP security configuration and deployment: The IT administrator’s guide to best practices (1st ed). Syngress.
IBM (2009). Tivoli access manager. Retrieved 19 March 2009 from http://www-01.ibm.com/software/tivoli/products/access-mgr-esso/.
Kavantzas, N., Burdett, D., Ritzinger, G., Fletcher, F., Lafon, Y., & Barreto, Ch. (Ed.) (2005). Web services choreography description language version 1.0. W3C Candidate Recommendation 9. Retrieved 19 March 2009 from http://www.w3.org/TR/ws-cdl-10/.
Liberty Alliance (2009). Liberty alliance. Retrieved 30 September 2009 from http://www.projectliberty.org/.
Microsoft (2009). Active directory. Retrieved 19 March 2009 from http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx.
Nadalin, A., Kaler, Ch., Hallam-Baker, P., & Monzillo, R. (Ed.) (2004). Web services security v1.1. OASIS Standard. Retrieved 19 March 2009 from http://www.oasis-open.org/specs/index.php#wssv1.0.
Nadalin, A., Goodner, M., Gudgin, M., Barbir, A., & Granqvist, H. (2007). WS-trust 1.3. OASIS Standard. Retrieved 19 March 2009 from http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.html.
OMG (2007). MOF 2.0/XMI mapping specification, V2.1.1. Retrieved 19 March 2009 from http://www.omg.org/technology/documents/formal/xmi.htm.
OMG (2008). Business process model and notation (BPMN), version 1.1. Retrieved 19 March 2009 from http://www.omg.org/spec/BPMN/1.1.
OMG (2009). Business process modeling notation (BPMN) version 1.2. Retrieved 19 March 2009 from http://www.omg.org/spec/BPMN/1.2.
OMG-BPDM (2008). Business process definition metamodel. Retrieved 19 March 2009 from http://www.omg.org/spec/BPDM/1.0/.
OpenID Foundation (2009). OpenID. Retrieved 19 March 2009 from http://openid.net/.
Papazoglou, M. P., & Dubray, J. (2004). A survey of web service technologies. Technical Report DIT-04-058, Informatica e Telecomunicazioni, University of Trento.
Robinson, P., Kerschbaum, F., & Schaad, A. (2006). From business process choreography to authorization policies. In Proceedings of the 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (pp. 297–309). Springer.
Roser, S., & Bauer, B. (2005). A categorization of collaborative business process modeling techniques. In Proceedings of Seventh IEEE International Conference E-Commerce Technology Workshops.
Scheer, A. (1998). ARIS-Modellierungsmethoden, Metamodelle, Anwendungen. Springer.
Sermersheim, J. (Ed.) (2006). Lightweight directory access protocol (LDAP). Request for comments: 4511. Network Working Group. Retrieved 19 March 2009 from http://www.ietf.org/rfc/rfc4511.txt.
Shibboleth (2009). Shibboleth. Retrieved 19 March 2009 from http://shibboleth.internet2.edu/.
STP (2009). STP/BPMN modeler. Retrieved 19 March 2009 from http://www.eclipse.org/bpmn/.
Sun (2009). Sun OpenSSO enterprise. Retrieved 30 September 2009 from http://www.sun.com/software/products/opensso_enterprise/index.xml.
Theseus Programm (2009). TEXO —business webs in the internet of services. Retrieved 19 March 2009 from http://theseus-programm.de/en-us/theseus-application-scenarios/texo/default.aspx.
UN/CEFACT & OASIS (2001). ebXML business process specification, schema, version 1.01. Retrieved 19 March 2009 from http://www.ebxml.org/specs/ebBPSS.pdf.
Wolter, C., Menzel, M., Schaad, A., Miseldine, P., & Meinel, C. (2009). Model-driven business process security requirement specification. Journal of Systems Architecture: the EUROMICRO Journal, 211–223.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Hu, J. Derivation of trust federation for collaborative business processes. Inf Syst Front 13, 305–319 (2011). https://doi.org/10.1007/s10796-010-9282-9
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10796-010-9282-9