Managing Conflict of Interest in Service Composition
Web services can be composed of other services in a highly dynamic manner. Existing role-based authorization approaches have not adequately taken component services into account when managing access control for composite services. In this paper, we propose a service-oriented conceptual model as an extension of role-based access control that can facilitate the administration and management of access for service consumers as well as component services in composite web services. Various types of conflict of interest are identified that arise from the complicated relationships among service consumers and component services. A set of authorization rules is developed to prevent these conflicts of interest. This research is a step toward addressing the challenge of authorization in the context of composite web services.
Keywords: Authorization, Conflict of Interest, Composite Web Services