An approach to extract RBAC models from BPEL4WS processes

Proceedings of the Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, WETICE

Volumn 13, Issue , 2004, Pages 81-86

  Mendling, Jan ^a   Strembeck, Mark ^a   Stermsek, Gerald ^a   Neumann, Gustaf ^a  

^a VIENNA UNIVERSITY OF ECONOMICS AND BUSINESS   (Austria)

Author keywords

[No Author keywords available]

Indexed keywords

BUSINESS PROCESS EXECUTION LANGUAGE FOR WEB SERVICES (BPEL); ROLE-BASED ACCESS CONTROL (RBAC); SIMPLE OBJECT ACCESS PROTOCOL (SAOP); WEB SERVICE DESCRIPTION LANGUAGE (WSDL);

ABSTRACTING; COMPUTER PROGRAMMING LANGUAGES; FORMAL LOGIC; INFORMATION SERVICES; INTERFACES (COMPUTER); NETWORK PROTOCOLS; SECURITY OF DATA; XML;

WORLD WIDE WEB;

EID: 10444269570     PISSN: 15244547     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (23)

1. T. Andrews, F. Curbera, H. Dholakia, Y. Goland, J. Klein, F. Leymann, K. Liu, D. Roller, D. Smith, S. Thatte, I. Trickovic, and S. Weerawarana. Business Process Execution Language for Web Services, Version 1.1. Specification, BEA Systems, IBM Corp., Microsoft Corp., SAP AG, Siebel Systems, 2003.
2. B. Atkinson, G. Della-Libera, S. Hada, M. Hondo, P. Hallam-Baker, J. Klein, B. LaMacchia, P. Leach, J. Manferdellie, H. Maruyama, A. Nadalin, N. Nagaratnam, H. Prafullchandra, J. Shewchuk, and D. Simon. Web Services Security. Specification, IBM Corp., Mircosoft Corp., VeriSign, Inc., 2002.
3. B. Benatallah, Q. Sheng, and M. Dumas. The self-serv environment for web services composition. IEEE Internet Computing, 7(1):40-48, January/February 2003.
4. E. Bertino, E. Ferrari, and V. Atluri. The Specification and Enforcement of Authorization Constraints in Workflow Management Systems. ACM Transactions on Information and System Security (TISSEC), 2(1), February 1999.
5. F. Cabrera, G. Copeland, B. Cox, T. Freund, J. Klein, T. Storey, and S. Thatte. Web Service Transaction. Specification, BEA Systems, IBM Corp., Microsoft Corp., 2002.
6. E. Christensen, F. Curbera, G. Meredith, and S. Weerawarana. Web Service Description Language (WSDL) 1.1. Note, W3C, March 2001.
7. J. Clark. XSL Transformations (XSLT) Version 1.0. Recommendation, W3C, November 1999.
8. J. Clark and S. DeRose. XML Path Language (XPath) Version 1.0. Recommendation, W3C, November 1999.
9. D. Ferraiolo, R. Sandhu, S. Gavrila, R. Kuhn, and R. Chandramouli. Proposed NIST Standard for Role-Based Access Control. ACM Transactions on Information and Systems Security, 4(3), 2001.
10. S. Godik and T. Moses, eds. eXtensible Access Control Markup Language (XACML). Specification, OASIS, 2003.
11. M. Gudgin, M. Hadley, N. Mendelsohn, J.-J. Moreau, and H. F. Nielsen. SOAP Version 1.2 Part 1 and Part 2. Recommendation, W3C, June 2003.
12. M. Kang, J. Park, and J. Froscher. Access Control Mechanisms for Inter-Organizational Workflow. In Proc. of the ACM Symposium on Access Control Models and Technologies (SACMAT), 2001.
13. G. Neumann and M. Strembeck. Design and Implementation of a Flexible RBAC-Service in an Object-Oriented Scripting Language. In Proc. of the 8th ACM Conference on Computer and Communications Security (CCS), 2001.
14. G. Neumann and M. Strembeck. A Scenario-driveen Role Engineering Process for Functional RBAC Roles. In Proc. of the 7th ACM Symposium on Access Control Models and Technologies (SACMAT), 2002.
15. G. Neumann and M. Strembeck. An Approach to Engineer and Enforce Context Constraints in an RBAC Environment. In Proc. of the 8th ACM Symposium on Access Control Models and Technologies (SACMAT), 2003.
16. M. Rosemann and M. zur Mühlen. Evaluation of workflow management systems - a meta model approach. In K. Siau, Y. Wand, and J. Parsons, editors, Proc. of the 2nd EMMSAD Workshop, Barcelona, Spain, 1997.
17. H. Skogsrud, B. Benatallah, and F. Casati. Model-driven trust negotiation for web services. IEEE Internet Computing, 7(6):45-52, November/December 2003.
18. R. Thomas and R. Sandhu. Task-based authorization controls (TBAC): A family of models for active and enterprise-oriented authorization management. In Proc. of the IFIP WG11.3 Conference on Database Security, August 1997.
19. W. M. P. v.d. Aalst, A. Kumar, and H. M. W. Verbeek. Organizational modeling in UML and XML in the context of workflow systems. In Proc. of the ACM Symposium on Applied Computing (SAC), pages 603-608, 2003.
20. H. Verbeek, A. Himschall, and W. van der Aalst. XRL/Flower: Supporting Interorganizational Workflows using XRL/Petri-net Technology. In Web Services, E-Business, and the Semantic Web, CAiSE 2002 International Workshop (WES 2002), LNCS 2512, pages 93-108, 2002.
21. W. Vogels. Web Services are not Distributed Object. IEEE Internet Computing, pages 59-66, Nov/Dec 2003.
22. L. Yu and B. Schmid. A conceptual framework for agent oriented and role based workflow modeling. In Proceedings of the CaiSE Workshop on Agent Oriented Information Systems (AOIS99), 1999.
23. L. Zhang, G. Ahn, and B. Chu. A Rule-Based Framework for Role-Based Delegation and Revocation. ACM Transactions on Information and System Security (TISSEC), 6(3), August 2003.