Managing Conflict of Interest in Service Composition

  • Haiyang Sun
  • Weiliang Zhao
  • Jian Yang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6426)


Web services can be composed of other services in a highly dynamic manner. Existing role-based authorization approaches have not adequately taken component services into account when managing access control for composite services. In this paper, we propose a service-oriented conceptual model, an extension of role-based access control, that can facilitate the administration and management of access for service consumers as well as component services in composite web services. Various types of conflict of interest are identified that arise from the complicated relationships among service consumers and component services. A set of authorization rules is developed to prevent these conflicts of interest. This research is a step toward addressing the challenge of authorization in the context of composite web services.


Keywords: Authorization, Conflict of Interest, Composite Web Services





Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Haiyang Sun (1)
  • Weiliang Zhao (1)
  • Jian Yang (1)
  1. Department of Computing, Macquarie University, Sydney, Australia
