Realizing model driven security for inter-organizational workflows with WS-CDL and UML 2.0 bringing web services, security and UML together

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 3713 LNCS, Issue , 2005, Pages 39-53

  Hafner, Michael ^a   Breu, Ruth ^a  

^a UNIVERSITY OF INNSBRUCK   (Austria)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER AIDED SOFTWARE ENGINEERING; FORMAL LANGUAGES; INTEROPERABILITY; KNOWLEDGE ACQUISITION; MATHEMATICAL MODELS; WORLD WIDE WEB;

MODEL DRIVEN SECURITY; UML BASED APPROACH; WEB SERVICES CHOREOGRAPHY DESCRIPTION LANGUAGE;

SECURITY OF DATA;

EID: 33646190477     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/11557432_4     Document Type: Conference Paper

References (44)

1. A. Nadalin, et al., "Web Services Security: SOAP Message Security 1.0 (WS Security 2004)". OASIS Standard 200401, March 2004.
2. N. Kavantzas et al., "Web Services Choreography Description Language Version 1.0". W3C Working Draft 17 December 2004.
3. J. Miller et al. (ed.), "MDA Guide Version 1.0.1". OMG, 2003.
4. T. Lodderstedt et al., "SecureUML: A UML-Based Modeling Language for Model-Driven Security". In: J.-M. Jézéquel et al. (eds.), Proc. of the 5th Int. Conf. on the Unified Modeling Language, Springer, 2002.
5. IBM, Microsoft, BEA Systems, SAP AG, Siebel Systems, "Specification: Business Process Execution Language for Web Services Version 1.1". IBM, 2003.
6. C. Gutiérez et al., "Web Service Security: is the Problem solved?". In: Proc of the 2nd Int Workshop on Security In Inf. Sys., WOSIS 2004, in conj. with ICEIS 2004, Porto, 2004.
7. BPMI, "BPML 1.0 Specification". BPMI, 2002.
8. OASIS, "ebXML Business Process Specification Schema Version 1.01". OASIS, 2001.
9. M. Bernauer et al., "Comparing WSDL-based and ebXML-based Approaches for B2B Protocol Specification". In: Proc. of the 1st Int. Conf. on Service-Oriented Computing (ICSOC), Trento, 2003.
10. N. Mitra, N., "SOAP Version 1.2 Part 1: Messaging Framework". W3C Recommendation 24 June 2003.
11. Eastlake, D. (ed.), et al., "XML-Signature Syntax and Processing". W3C Recommendation 12 February 2002.
12. Eastlake, D. (ed.), et al., "XML Encryption Syntax and Processing". W3C Recommendation 10 December 2002".
13. T. Moses (ed.), et al, "XACML Profile for Web-Services". XACML TC Working draft, Version 04, September 29, 2003.
14. P. Mishra (ed.), et al., "Conformance Requirements for the OASIS Security Assertion Markup Language (SAML) V2.0". Committee Draft 02, 24 September 2004.
15. S. Bajaj, et al, "Web Services Policy Framework (WS-Policy)". September 2004.
16. R. Breu, M. Hafner, B. Weber, A. Novak, "Model Driven Security for Inter-Organizational Workflows in E-Government". In: Proc. TCGOV 2005, TED, ISBN 3-540-25016-6.
17. R. Breu, M. Hafner, B. Weber, "Modeling and Realizing Security-Critical Inter-Organizational Workflows", In: W. Dosch, N. Debnath (Eds.), Proc. IASSE 2004, ISCA, ISBN 1-880843-52-X.
18. M. Hafner, R. Breu, M. Breu, "A Security Architecture for Inter-Organizational Workflows: Putting Security Standards for Web Services Together". In: C. S. Chen et al. (Eds.): Proc. ICEIS 2005, INSTICC, ISBN 972-8865-19-8, 2005.
19. M. Hafher, R. Breu, M. Breu, A. Nowak, "Modeling Inter-organizational Workflow Security in a Peer-to-Peer Environment". Accepted for ICWS 2005.
20. A. Hall, R. Chapman, "Correctness by construction developing a commercial secure system". IEEE Software 19 (2002) 1, 2002, pp. 18-25.
21. R. Breu, K. Burger, M. Hafner, G. Popp, "Towards a Systematic Development of Secure Systems". Inf. Systems Security 13 (2004) 3, Auerbach, New York, 2004, pp. 5-13.
22. K. Mantell, "From UML to BPEL". IBM-developerWorks, 2003.
23. IBM, "Business Process Execution Language for Web Services Java™ Run Time (BPWS4J)". IBM, 2002.
24. W.M.P. van der Aalst, M. Weske, "The P2P approach to Interorganizational Workflows". In K.R. Dittrich et al. (eds.): Proc. of the 13th Int. Conf. on Adv. Information Systems Eng. (CAiSE'01), Springer, Berlin, 2001, pp. 140-156.
25. W.M.P. van der Aalst, "Loosely Coupled Interorganizational Workflows: Modeling and Analyzing Workflows Crossing Organizational Boundaries". Information and Management 37 (2000) 2, pp. 67-75.
26. Z. Luo, et al., "Exception Handling in Workflow Systems". Applied Intelligence 13 (2000) 2, pp. 125-147.
27. P. Grefen, et al., "CrossFlow: cross-organizational workflow management in dynamic virtual enterprises". International Journal of Computer Systems Science & Engineering 15 (2000) 5, pp. 277-290.
28. F. Casati and M. Shan, "Event-based Interaction Management for Composite E-Services in eFlow". Information Systems Frontiers 4 (2002) 1, pp. 19-31.
29. V. Atluri, W.K. Huang, "Enforcing Mandatory and Discretionary Security in Workflow Management Systems". Proc. of the 5th Europ. Symp. on Research in Comp. Sec., 1996.
30. E. Gudes, et al., "Modelling, Specifying and Implementing Workflow Security in Cyberspace". Journal of Computer Security 7 (1999) 4, pp. 287-315.
31. W. K. Huang, V. Atluri, "SecureFlow: A secure Web-enabled Workflow Management System". ACM Workshop on Role-Based Access Control 1999, pp. 83-94.
32. J. Wainer, et al, "W-RBAC - A Workflow Security Model Incorporating Controlled Overriding of Constraints". International Journal of Cooperative Information Systems. 12 (2003) 4, pp. 455-485.
33. W.M.P. Van der Aalst, "Loosely Coupled Interorganizational Workflows: Modeling and Analyzing Workflows Crossing Organizational Boundaries". Information and Management 37 (2000) 2, pp. 67-75.
34. OMG, "UML 2.0 Superstructure Specification ". OMG, 2002.
35. D. Carlson, "Modeling XML Applications with UML: Practical E-Business Applications". Addison Wesley, Boston, 2001.
36. th International Multi-topic Conference (INMIC 2004), IEEE, Lahore, 2004.
37. Austrian Signature Act (Signaturgesetz - SigG), Art. 1 of the Act published in the Austrian Federal Law Gazette, part I, Nr. 190/1999.
38. R. Breu, M. Breu, M. Hafner, A. Nowak, "Web Service Engineering - Advancing A New Software Engineering Discipline". Accepted for ICWE 2005.
39. BEA, Intalio, Sun Microsystems, SAP, "Web Service Choreography Interface (WSCI)". August 2002.
40. G. Della-Libera et al, "Web Services Security Policy Language (WS-SecurityPolicy)". December 2002.
41. S. Anderson et al., "Web Services Trust Language (WS-Trust)". February 2005.
42. A. Barros et al., "A Critical Overview of the Web Services Choreography Description Language (WS-CDL)". BPTrends Newsletter, Volume 3, Number 3, March 1, 2005.
43. R. M. Dijkman, M. Dumas, "Service-Oriented Design: A Multi-Viewpoint Approach". Int. Journal of Cooperative Information Systems 13(4): 337-368 (2004).
44. M. Alam, R. Breu, M. Hafner, "Modeling permissions in a (U/X)ML world". Submitted to ECMDA 2005, Nuremberg, Germany.