Protocol engineering for web services conversations

Paurobally, Shamimabi; Jennings, Nicholas R.

doi:10.1016/j.engappai.2004.12.005

Cited by 33 publications

(13 citation statements)

References 5 publications

(4 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…SCIFC [12] uses various mechanism (such as back-check procedure, carry-along policies, and transformation factors) and algorithms to make sure whether a service chain can be successfully invoked. The objectives of quite a few researches are also about negotiation [25][26][27][28][29][30]. A negotiation model generally fails to check information flows within software during execution.…”

Section: Related Workmentioning

confidence: 99%

Controlling Information Flows in Net Services with Low Runtime Overhead

Chou

2015

IJCNIS

View full text Add to dashboard Cite

Abstract-This paper presents the information flow control model NetIFC to prevent information leakage when a net service is being executed. NetIFC offers the following features: (1) it blocks at least statements as possible and (2) it reduces runtime overhead. To achieve the first feature, NetIFC strictly controls output statements because only output may leak information. To achieve the second feature, NetIFC is executed in parallel with a service in different sites to monitor the service. This monitoring style substantially reduce runtime overhead when comparing with embedding a model in a net service.Index Terms-Information flow, information flow control, information security, information leakage prevention, runtime overhead.

show abstract

Section: Related Workmentioning

confidence: 99%

Controlling Information Flows in Net Services with Low Runtime Overhead

Chou

2015

IJCNIS

View full text Add to dashboard Cite

show abstract

“…Recent papers [3,4,13] have argued that a Web service is more than a set of independent operations. In fact, during a Web service's invocation, a client interacts with the service performing a sequence of operations in a particular order.…”

Section: Related Workmentioning

confidence: 99%

“…Specifically, [3,4] adopt a model based on finite transition systems (aka finite state machines) for representing all possible conversations. The approach of [13] is based on the combined use of two Web service languages, WS-Conversation (WSCL) and WS-Agreement, that allows one to specify non-trivial conversations in which several messages have to be exchanged before the service is completed and/or the conversation may evolve in different ways depending on the state and the needs of the requesting agents and of the service provider.…”

Section: Related Workmentioning

confidence: 99%

Access control enforcement for conversation-based web services

Mecella

Ouzzani

Paci

et al. 2006

Proceedings of the 15th International Conference on World Wide Web

View full text Add to dashboard Cite

Service Oriented Computing is emerging as the main approach to build distributed enterprise applications on the Web. The widespread use of Web services is hindered by the lack of adequate security and privacy support. In this paper, we present a novel framework for enforcing access control in conversation-based Web services. Our approach takes into account the conversational nature of Web services. This is in contrast with existing approaches to access control enforcement that assume a Web service as a set of independent operations. Furthermore, our approach achieves a tradeoff between the need to protect Web service's access control policies and the need to disclose to clients the portion of access control policies related to the conversations they are interested in. This is important to avoid situations where the client cannot progress in the conversation due to the lack of required security requirements. We introduce the concept of k-trustworthiness that defines the conversations for which a client can provide credentials maximizing the likelihood that it will eventually hit a final state.

show abstract

“…We also discuss the beginning of an implementation for developing agent web service agreements over IBM's ETTK toolkit [4]. The work in this paper considers more pragmatic issues than our previous work in [7]. Compared to [7], here, 1) we ground our work with a scenario in the insurance sector, 2) since WSCL (Web Service Conversation Language) has become obsolete, we adapt our approach to only be compatible with WS-Agreement rather than propose a WSCL/WSAgreement extension as in [7] and, 3) we discuss our first attempts at implementing agent web service agreements.…”

Section: Introductionmentioning

confidence: 99%

“…The work in this paper considers more pragmatic issues than our previous work in [7]. Compared to [7], here, 1) we ground our work with a scenario in the insurance sector, 2) since WSCL (Web Service Conversation Language) has become obsolete, we adapt our approach to only be compatible with WS-Agreement rather than propose a WSCL/WSAgreement extension as in [7] and, 3) we discuss our first attempts at implementing agent web service agreements. This paper advances the state of the art through a framework that extends the conversational capabilities of web services by supporting non-trivial interactions in which several messages have to be exchanged before the service is completed and/or the conversation may evolve in different ways depending on the state and the needs of the participants.…”

Section: Introductionmentioning

confidence: 99%