Abstract. In order to secure collaborative business processes, we present a methodological approach that early integrates security and risk management throughout the design process of service-oriented architectures. We develop our methodology based on two complementary axes: the first being the business needs while the second, is ensuring a consistent security between partners at the runtime. The information security is globally applied to business needs, service specifications and infrastructure deployment. Finally, we annotate services with security parameters that could be used to improve the selection of secure services in run-time.
Service ecosystems provide distributed evolutionary capabilities allowing services to recombine and evolve in sustainable environments. Web services play a crucial role in service ecosystems since they support interoperable machine-to-machine interactions and help in developing new services from existing services by using a variety of composition languages. Business Process Execution Language (BPEL) has recently emerged as the de-facto standard for Web service composition. From the security perspective, Web service providers may require different authentication mechanisms to securely invoke their services. The integration of different authentication mechanisms complicates the global authentication scheme of BPEL-based processes and raises a challenge in adopting BPEL in service ecosystems. In this work, we propose the Security Service concept to define activity single sign-on (ASSO) for federated identify-based authentication. The Security Service allows the integration of heterogeneous authentication mechanisms in the context of multiple service providers. We also extend the activity to ensure nonintrusive extension of BPEL language and implement the Security Service in a peer-to-peer network.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.