Abstract
A choreography specifies, at design time, the interactions between the resources of multiple collaborating parties. Managing authorization policies at runtime to support such a specification is, however, tedious for administrators to handle manually. By compiling the choreography into enhanced authorization policies, we can automatically derive the minimal authorizations required for collaboration, and enable and disable those authorizations just in time, following the control flow described in the choreography. We have evaluated the advantage of this utility in a collaborative engineering scenario.
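A minimal sketch of the idea in the abstract, added here as an illustration and not taken from the paper: a sequence-only choreography is compiled into per-owner authorizations, and an enforcer enables only the authorization the current step needs. The `Interaction` model, the party and resource names, and the single shared step counter are assumptions; the paper's choreography language and policy format are not shown on this page.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Interaction:
    """One choreography step: `caller` performs `operation` on `resource` held by `owner`."""
    caller: str
    owner: str
    resource: str
    operation: str

# Constructed sample: a three-step sequence between two organisations.
CHOREOGRAPHY = [
    Interaction("designer@OrgA", "OrgB", "mesh-service", "submit"),
    Interaction("analyst@OrgB", "OrgA", "cad-model", "read"),
    Interaction("designer@OrgA", "OrgB", "analysis-report", "read"),
]

def compile_policies(choreography):
    """Map each resource owner to [(step, (subject, resource, operation)), ...].

    Only interactions that appear in the choreography produce an authorization,
    so no party is granted more than the collaboration requires.
    """
    policies = {}
    for step, ia in enumerate(choreography):
        policies.setdefault(ia.owner, []).append(
            (step, (ia.caller, ia.resource, ia.operation)))
    return policies

class Enforcer:
    """Enables an authorization only while the control flow is at its step."""
    def __init__(self, choreography):
        self.policies = compile_policies(choreography)
        self.position = 0  # assumption: one shared counter tracks the sequence

    def enabled(self, owner):
        """Authorizations currently enabled at `owner`."""
        return {auth for step, auth in self.policies.get(owner, [])
                if step == self.position}

    def request(self, owner, subject, resource, operation):
        """Permit the request the current step expects, then advance; deny all else."""
        if (subject, resource, operation) not in self.enabled(owner):
            return False  # not yet enabled, already disabled, or never granted
        self.position += 1  # disables this step's grant, enables the next
        return True
```
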
Copyright information
© 2006 IFIP International Federation for Information Processing
About this paper
Cite this paper
Robinson, P., Kerschbaum, F., Schaad, A. (2006). From Business Process Choreography to Authorization Policies. In: Damiani, E., Liu, P. (eds) Data and Applications Security XX. DBSec 2006. Lecture Notes in Computer Science, vol 4127. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11805588_21
DOI: https://doi.org/10.1007/11805588_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-36796-3
Online ISBN: 978-3-540-36799-4
eBook Packages: Computer Science, Computer Science (R0)