Skip to main content
SpringerLink
Log in

XrML-RBLicensing approach adapted to the BPEL process of composite web services

  • Original Research Paper
  • Published:
Service Oriented Computing and Applications Aims and scope Submit manuscript

Abstract

Web service orchestration represents an open and standards-based approach for connecting web services together leading to higher level of business processes. Business Process Execution Language (BPEL) engines are designed to handle this orchestration. However, web service compositions into BPEL suffer from several non-functional requirements such as security. To address this problem, we propose in this paper a novel approach that is based on a harmony between the licensing concept offered by eXtensible rights Markup Language (XrML), aspect-oriented programming (AOP), and web service compositions in BPEL. Our proposed approach, based on XrML, offers the ability to associate security licenses with activities offered by the composite web services. It allows to automatically generate BPEL aspects depending on the developed licenses, to separate between crosscutting concerns of the composed web services, and provides an easy way to include and update the non-functional requirements (e.g., security) into a BPEL process. It offers also the ability to validate the licenses, at runtime and without affecting the business logic of this model. To evaluate our approach, we have developed an inventory control system (ICS) sample that is composed of several web services. Case study and performance analysis are presented to demonstrate its feasibility as well.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9

Similar content being viewed by others

Notes

  1. Credential Set.

References

  1. Ardagna CA, Damiani E, De Capitani di Vimercati S, Samarati P (2006) A web service architecture for enforcing access control policies. Electron Notes Theor Comput Sci 142:47–62

    Google Scholar 

  2. Atkinson B et al. Web services security (WS-Security). http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss

  3. Bhatti R, Joshi J, Bertino E, Ghafoor A (2003) Access control in dynamic XML-based web-services with X-RBAC. In: Proceedings of the international conference on web services (ICWS03), pp 243–249

  4. Bodkin R (2004) Enterprise security aspects. In: Proceedings of the AOSD 04 workshop on AOSD technology for application-level security (AOSD04:AOSDSEC)

  5. Charfi A, Mezini M (2004) Aspect-oriented web service composition with AO4BPEL. In ECOWS04

  6. ContentGuard. XrML The digital rights language for trusted content and services. http://www.xrml.org/

  7. DeWin B (2004) Engineering application level security through aspect oriented software development. PhD thesis, Katholieke Universiteit Leuven

  8. Evermann J (2007) A meta-level specification and profile for AspectJ in UML. J Object Technol 6(7):27–49

    Article  Google Scholar 

  9. Fuentes L, Sanchez P (2006) Elaborating UML 2.0 profiles for AO design. In: Proceedings of the international workshop on aspect-oriented modeling

  10. Huang M, Wang C, Zhang L (2004) Toward a reusable and generic security aspect library. In: Proceedings of the AOSD 04 workshop on AOSD technology for application level security (AOSD04:AOSDSEC)

  11. Ken North Computing. XML and web services: message processing vulnerabilities. http://www.webservicessummit.com/Articles/MessagingThreats.htm

  12. Kiczales G, Hilsdale E, Hugunin J, Kersten M, Palm J, Griswold WG (2001) An overview of AspectJ. In: Proceedings of the 15th european conference on object-oriented programming (ECOOP01), pp 327–353, London, UK. Springer

  13. Kiczales G, Lamping J, Menhdhekar A, Maeda Ch, Lopes C, Loingtier J-M, Irwin J (1997) Aspect-oriented programming. In: Akÿsit M, Matsuoka S (eds) In: Proceedings european conference on object-oriented programming, vol. 1241, pp. 220–242. Springer, Berlin

  14. Lockhart B et al. OASIS security services TC (SAML). http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security

  15. Moses T: OASIS eXtensible access control markup language(XACML), OASIS standard 2.0. http://www.oasis-open.org/committees/xacml/

  16. Nolan P (2004) Understand WS-Policy processing. IBM Corporation, Technical report

  17. Paci F, Bertino E, Crampton J (2008) An access-control framework for WS-BPEL. Int J Web Serv Res 5(3):20–43

    Google Scholar 

  18. Pavlich-Mariscal J, Michel L, Demurjian S (2007) Enhancing UML to model custom security aspects. In: Proceedings of the 11th international workshop on aspect-oriented modeling AOM@AOSD07

  19. Schlimmer J (2004) Web services policy framework (WS-Policy). http://www-128.ibm.com/developerworks/webservices/library/specification/ws-polfram/

  20. Shah V (2003) An aspect-oriented security assurance solution, Technical Report AFRL-IF-RS-TR-2003-254, Cigital Labs

  21. Tonella P, Di Francescomarino C (2009) Cooperative aspect oriented programming for executable business processes. In: Proceedings of The the 2009 ICSE workshop on principles of engineering service oriented systems., Vancouver, Canada

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Mathematics, Lebanese American University, Beirut, Lebanon

    Hanine Tout & Azzam Mourad

  2. Department of ECE, Khalifa University of Science, Technology & Research, Abu Dhabi, UAE

    Hadi Otrok

Authors
  1. Hanine Tout
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Azzam Mourad
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Hadi Otrok
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Azzam Mourad.

Additional information

This work is supported by the Lebanese American University (LAU), CNRS Lebanon and Khalifa University of Science, Technology & Research (KUSTAR) UAE.

Electronic supplementary material

Below is the link to the electronic supplementary material.

Supplementary material 1 (mpg 8195 KB)

Rights and permissions

Reprints and permissions

About this article

Cite this article

Tout, H., Mourad, A. & Otrok, H. XrML-RBLicensing approach adapted to the BPEL process of composite web services. SOCA 7, 217–230 (2013). https://doi.org/10.1007/s11761-013-0127-5

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11761-013-0127-5

Keywords

Search

Navigation