An access-control framework for WS-BPEL

International Journal of Web Services Research

Volumn 5, Issue 3, 2008, Pages 20-43

  Paci, Federica ^a   Bertino, Elisa ^a   Crampton, Jason ^b  

^a PURDUE UNIVERSITY   (United States)

^b UNIVERSITY OF LONDON   (United Kingdom)

Author keywords

Activity; Authorization constraints; Business process; Permission; Role

Indexed keywords

SPECIFICATIONS; THERMODYNAMIC PROPERTIES; WEB SERVICES;

AUTHORIZATION CONSTRAINTS; BUSINESS PROCESS; PERMISSION; RESEARCH INTERESTS; ROLE; ROLE-BASED ACCESS CONTROL MODEL; SEPARATION OF DUTY; XML-BASED LANGUAGES;

ACCESS CONTROL;

EID: 55949114432     PISSN: 15457362     EISSN: 15465004     Source Type: Journal    
DOI: 10.4018/jwsr.2008070102     Document Type: Article

References (21)

1. Agrawal, A., et al. (2007a). Web services human task (WS-HumanTask), version 1.0. Retrieved from http://www.adobe.com/devnet/livecycle/ pdfs/ws\_humantask\_spec.pdf
2. Agrawal, A., et al. (2007b). WS-BPEL extension for people (BPEL4People), version 1.0. Retrieved from http://www.adobe.com/ devnet/livecycle/pdfs/bpel-4people_spec.pdf
3. Ahn, G.-J., Sandhu, R., Kang, M. H., & Park, J. S. (2000). Injecting RBAC to secure a Web-based workflow system. In Proceedings of the Fifth ACM Workshop on Role-Based Access Control, Berlin, Germany (pp. 1-10). Retrieved from http://portal.acm.org/ citation.cfm?doid=344287.344295
4. Anderson, A. (2005). Core and hierarchical role based access control (RBAC) profile of XACML, version 2.0. OASIS. Retrieved from http:// docs.oasis-open.org/xacml/2.0/access\_control-xacml-2.0- rbac-profile1-spec-os.pdf
5. Atluri, V., & Huang, W. (1996). An authorization model for workflows. In Proceedings of the Fourth European Symposium on Research in Computer Security, Rome (LNCS 1146, pp. 44-64). Springer.
6. Bertino, E., Ferrari, E., & Atluri, V. (1999). The specification and enforcement of authorization constraints in workflow management systems. ACM Transactions on Information and System Security, 2(1), 65-104.
7. Biron, P., & Malhotra, A. (2004). XML schema part 2: Datatypes. W3C. Retrieved from http://www.w3.org/TR/xmlschema-2
8. Botha, R. A., & Elofi, J. H. P. (2001). Separation of duties for access control enforcement in workflow environments. IBM Systems Journal, 40(3), 666-682.
9. Casati, F., Castano, S., & Fugini, M. (2001). Managing workflow authorization constraints through active database technology. Information Systems Frontiers, 3(3), 319-338.
10. Christensen, E., Curbera, F., Meredith, G., & Weerawarana, S. (2001). Web services description language (WSDL) version 1.1. W3C. Retrieved from http://www.w3.org/TR/2001/NOTE-wsdl-20010315
11. Clark, J., & DeRose, S. (1999). XML path language (XPath) version 1.0. W3C. Retrieved from http://www.w3.org/TR/1999 /REC-xpath-19991116
12. Crampton, J. (2005a). A reference monitor for workflow systems with constrained task execution. In Proceedings of the 10th ACM Symposium on Access Control Models and Technologies, Stockholm (pp. 38-47).
13. Crampton, J. (2005b). XACML and role-based access control. Paper presented at the DIMACS Workshop on Security of Web Services and E-Commerce, Piscataway, NJ.
14. Jordan, D., & Evdemon, J. (2007). Web services business process execution language, version 2.0. OASIS. Retrieved from http:// docs.oasis-open.org/wsbpel/2.0/OS/wsbpel-v2.0-OS.pdf
15. Koshutanski, H., & Massacci, F. (2003, October). An access control framework for business processes for Web services. In Proceedings of ACM Workshop on XML Security, Fairfax, VA (pp. 15-24).
16. Leymann, F. (2001). Web services flow language (WSFL 1.0). IBM Software Group. Retrieved from http://www-306.ibm.com/software/solutions/ webservices/pdf/WSFL.pdf
17. Moses, T. (2005). Extensible access control markup language (XACML), version 2.0. OASIS. Retrieved from http://docs.oasis-open.org/xacml/ 2.0/access\_control-xacml-2.0-core-spec-os.pdf
18. Rusinkiewicz, M., & Sheth, A. P. (1995). Specification and execution of transactional workflows. In Modern database systems: The object model, interoperability, and beyond (pp. 592-620). Addison-Wesley.
19. Thatte, S. (2001). XLANG Web services for business process design. Microsoft Corporation. Retrieved from http://www.gotdotnet.com/team/xml wsspecs/xlang-c/default.htm
20. Thompson, H. S., Beech, D., Maloney, M., & Mendelsohn, N. (2004). XML schema part 1: Structures. W3C. Retrieved from http:/ /www.w3.org/TR/xmlschema-1
21. Wainer, J., Barthelmess, P., & Kumar, A. (2005). W-RBAC: A workflow security model incorporating controlled overriding of constraints. International Journal of Cooperative Information Systems, 12(4), 455-486.