Results 1 - 10 of 14
A.: Declarative Policies for Describing Web Service Capabilities and Constraints
- In: W3C Workshop on Constraints and Capabilities for Web Services, Oracle Conference, 2004
Cited by 12 (0 self)
Though the description of capabilities and constraints for web services is an important problem, we believe that it is part of a much larger problem: controlling the behavior of autonomous entities in open, dynamic environments. This problem deals not only with the specification of attributes (i.e. privacy restrictions, access control rules, communication requirements) that will enable interacting entities to behave appropriately, but also with the specification of all aspects of the behavior of entities (i.e. what entities can or must or may do under certain circumstances). Actually, the former specification is a subset of the latter. We believe that research into governing behavior of autonomous entities like agents and web services will provide suitable solutions to these kinds of specifications. We propose that behavior can be described using declarative policies that are based on deontic concepts including permissions, obligations, claims, prohibitions, and privileges. These policies will describe what the ideal behavior for an entity is in a certain context. For example, the constraint "You must use HTTP Authentication when accessing this service" can be modeled as appropriate behavior for an entity (agent, web service, human user) that wants to use a service. The entity is ’permitted’ to access the service if it meets a certain condition, i.e. uses HTTP authentication. It can be described as an access control policy for the service. However, these policy specifications should not only be
Specification of Access Control and Certification Policies for Semantic Web Services
- 6TH INTERNATIONAL CONFERENCE ON ELECTRONIC COMMERCE AND WEB TECHNOLOGIES, VOLUME 3590 OF LECTURE, 2005
Cited by 9 (5 self)
Web service providers specify access control policies to restrict access to their Web services. It turned out that, since the Web is an open, distributed and dynamic environment in which a central controlling instance cannot be assumed, capability-based access control is most suitable for this purpose. However, since practically every participant can certify capabilities defined in his/her own terminology, determining the semantics of certified capabilities and the trustworthiness of certification authorities are two major challenges in such a setting. In this paper, we show (1) how certification authorities and their certification policies can be modeled semantically, (2) how Web service providers can specify and check the consistency of their access control policies, and (3) how end users can check automatically whether they have access to a Web service.
Location-based metadata and negotiation protocols for LBAC in a one-to-many scenario
- IN PROC. OF THE WORKSHOP ON SECURITY AND PRIVACY IN MOBILE AND WIRELESS NETWORKING (SECPRI MOBIWI 2006), 2006
Cited by 5 (5 self)
Location-based Access Control (LBAC) techniques allow the definition of users’ access rights based on location predicates that exploit the users’ physical location. However, evaluating the physical location of a user is a specialized activity that is unlikely to be performed by the same entity (e.g., organization or system) in charge of the access control decision. For this reason, location evaluation is usually assumed to be provided by specific Location Services (LSs), possibly coexisting in the same area and competing with one another. In this paper, we address the issues related to the communication and negotiation between an Access Control Engine (ACE) enforcing access rules that include location-based predicates and multiple, functionally equivalent LSs. We introduce metadata for the exchange of service level agreement attributes between the ACE and the LSs. Based on such metadata we develop different negotiation protocols, from a basic negotiation protocol that shows the core aspects of our proposal to an enhanced protocol that enriches the interaction by taking into account a cost/benefit analysis and some service requirements. Finally, we present an extension to the enhanced protocol to consider possible time validity constraints on access control decisions.
Ontology-Based Engineering for Self-managing Communications
- Proc. 1st IEEE Int. Workshop on Modeling Autonomic Communications Environments, 2006
Cited by 3 (2 self)
Ontology-based semantics support encoding and mapping between separately authored and thus heterogeneous knowledge, and are expressed in widely accepted standards (e.g. W3C’s OWL). It has been suggested that ontology-based semantics will bring benefits to the management of a diversity of systems, ranging from conventional communication services to future autonomic communication services. This paper examines the state of the art in the application of ontological modeling to a range of concerns of interest in the engineering of communication services. In particular the role of ontology modeling for the modeling of services, policies, context, management information and semantic mappings will be examined.
Provably secure execution of composed semantic web services
- In International AAMAS-Workshop on Privacy and Security in Agent-based Collaborative Environments, PSACE-2006, 2006
Cited by 2 (2 self)
In this paper, we present an approach to solve the problem of secure execution of semantic web service composition plans. The integrated components of this approach include our OWL-S service matchmaker, OWLS-MX, the service composition planner, OWLS-XPlan, and the security checker module for formally verifying the compliance of the created composition plan to be executed with given data and service security policies using type-based information flow analysis.
Examiners: Thesis Advisor:
Submitted to obtain the degree of Doctor of the Ecole d’Ingénieur TELECOM
Preserving Privacy in Dynamic Web Service Composition
The proliferation of web services as self-contained web accessible programs and the idea of the Semantic Web of making information computer-interpretable enables the dynamic composition of complex services assembled from various individual services and typically distributed over the web. Following the paradigm of pervasive computing, pro-active agents are installed on mobile phones or PDAs operating on the web and handle the context-aware discovery of appropriate services and use AI-based plan generation techniques to dynamically compose the retrieved service to solve complex tasks. Functional composition of complex services is well understood and supported. However, the introduction of web services in general and dynamic web service composition (e.g. [2, 7]) in particular requires appropriate security facilities to guarantee the security requirements of all participants. On the one hand, web services have to be protected against misuse of their resources, and on the other hand, the users of web services require the privacy of their data. Standard approaches for secure execution of services such as those using REI [6] or Ponder [3] are based on the
Distributed Policy Specification and Enforcement in Service-Oriented Business Systems
Service-Oriented Computing (SOC) and Web Services (WS) provide a flexible computing platform for electronic business and commerce. Introducing policy-based computing to service-oriented business systems adds another dimension of flexibility and security. While service composition and re-composition in service-oriented business systems allow major system reconstruction, policy-based computing can better deal with the small and routine changes of business processing. This paper reports our latest research on integrating policy-based computing into service-oriented business systems and discusses its feasibility, benefits and cost. Under this research, we designed a policy specification and enforcement language PSEL for specifying system constraints and business rules. We implemented a runtime environment in which a service-oriented business system can be modeled, analyzed, deployed, and executed with policy enforcement. Automated tools have been developed to facilitate the entire development process. The cost of policy-based computing is experimentally evaluated.
Keywords: Service-oriented architecture, Web services, policy-based computing, policy specification
Negotiation Protocols for LBAC Systems
Location-based Access Control (LBAC) systems are based on applications whose access control policies include location predicates. The enforcement of location predicates is performed by an Access Control Engine (ACE) and requires complex location services integrating sensing technologies able to gather users’ physical location and components that process this information according to LBAC specifications. A specialized Location Middleware (LM) provides such location services. In this paper, we consider that the quality of such particular location services could be adjusted according to different Service Level Agreements (SLAs) expressed through the exchange of specific metadata. To this end, we address the issue of negotiating location service attributes between an ACE and a LM and introduce some protocols to carry out this coordination process. We start from a basic negotiation protocol that shows the core aspects of our proposal, to introduce an enhanced protocol that takes into account a cost/benefit analysis and some service requirements. Finally, we present an extension to the enhanced protocol to consider possible time validity constraints on access control decisions.