Advertisement

Towards Secured and Interoperable Business Services

  • A. Esper
  • L. Sliman
  • Y. Badr
  • F. Biennier

Abstract

Due to structural changes in the market, from mass customisation to increased interest in product-services management, an exponential growth of a service ecosystem will emerge in the coming years. This shift in the economy creates a need for instant and ondemand collaborative organisations which involve radical changes in the organizational structure of enterprises, increasing the need for business interoperability. Unfortunately, existing enterprise engineering approaches and information systems technologies lack the intrinsic agility and adaptability features required by these service-based collaborative organisations. To overcome these limits, we introduce a new approach called the Enterprise Urbanism Concept to reorganize enterprises into sets of interoperable industrial services. This new approach relies on the extension of the concept of information system urbanism in order to take into account industrial constraints while reorganising service business units. Nevertheless, despite this intrinsic partner reorganisation, instant and on-demand collaborative organisations can be limited due to a lack of trust between partners. To overcome these limits, we reinforce our approach by clearly assessing contextual security policies based on the patrimony of a company and technological security components. These components can be dynamically added in respect to the collaboration context when organising a consistent chain of industrial services.

Keywords

Security issues in interoperability Interoperable enterprise architecture Service oriented Architectures for interoperability Business Process Reengineering in interoperable scenarios Enterprise modeling for interoperability 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [1]
    Agrawal R., Kiernan J., Xu Y., Srikant R., 2002. Hippocratic Databases, 28th VLDB Conference, 10 pages, 2002.Google Scholar
  2. [2]
    Alberts C., Dorofee A., 2001. An Introduction to the OCTAVESM Method. CERT White Paper. Available Online at http://www.cert.org/octave/methodintro.html, [Last Visited September 30 2007]Google Scholar
  3. [3]
    Benguria G., Larruceat X., Elvesaeter B., Neple T., Beardsmore A., Friess M., 2007. A platform independent model for service oriented architecture. In Enterprise Interoperability: new challenges and approacghes. Doumeingts G., Müller J., Morel G., Vallespir B. Eds., Springer. pp. 23–32Google Scholar
  4. [4]
    Biennier F., Favrel J., 2003. Collaborative Engineering in Alliances of SMEs. Actes de PRO-VE’03. Lugano (Suisse), October 2003. In: Processes and foundations for virtual organizations. Camarinha-Matos L., Afsarmanesh H. (Eds.). Kluwer academic publishers. pp. 441–448Google Scholar
  5. [5]
    Biennier F., Buckard S., 2005. Organising Dynamic Virtual Organisation: Towards Enterprise Urbanism, APMS 2005Google Scholar
  6. [6]
    Biennier F., Favrel J., 2005. Collaborative Business and Data Privacy: Toward a Cyber-Control Computers in Industry, V. 56, no 4, pp. 361–370 (May 2005)Google Scholar
  7. [7]
    Biennier F., Mathieu H., 2005. Security Management: Technical Solutions v.s Global BPR Investment. Schedae informatica vol. 14, pp. 13–34Google Scholar
  8. [8]
    Biennier F., Mathieu H., 2006: Organisational Inter-Operability: Towards Enterprise Urbanism. In Entreprise interoperability — New challenges and approaches, Eds. Doumeingts G., Müller J., Morel G., Vallespir B. Eds. Springer. pp. 377–386Google Scholar
  9. [9]
    Biennier F., Ali L., Legait A., 2007. Extended Service Integration: Towards Manufacturing SLA. IFIP International Federation for Information Processing, Volume 246, Advances in Production Management Systems, Olhager, J., Persson, F.. Eds., pp.87–94Google Scholar
  10. [10]
    Chaari S., Benamar C., Biennier F., Favrel J., 2006. Towards service oriented enterprise. In the IFIP International Conference on PROgraming LAnguages for MAchine Tools, PROLAMAT 2006, 15–17 June, Shanghai, China, pp 920–925. (ISBN: 978-0-387-34402-7)Google Scholar
  11. [11]
    Chaari S., Badr Y., Biennier F., 2008. Enhancing Web Service Selection by QoS-Based Ontology and WS-Policy. accepted in the 23rd ACM Symposium on Applied Computing, Ceará, Brazil, 16–20 March 2008Google Scholar
  12. [12]
    CIGREF 2003. Accroitre l’agilité du système d’information. Livre blanc du CIGREF, September 2003.Google Scholar
  13. [13]
    Cranor Lorrie, Privacy with P3P, 239 pages, O’Reilly, 2001Google Scholar
  14. [14]
    CLUSIF, 2000. Mehari. Rapport Technique. 91pp, Available Online at https://www.clusif.asso.fr/fr/production/ouvrages/pdf/MEHARI.pdf [Last Visited September 30, 2007]Google Scholar
  15. [15]
    CLUSIF, 2005. Enquête sur les politiques de sécurité de l’information et la sinistralité informatique en France en 2005. online [Last Visited September 30, 2007]: http://www.clusif.asso.fr/fr/production/sinistralite/docs/etude2005.pdfGoogle Scholar
  16. [16]
    Common Criteria Organisation, 1999. Common Criteria for Information Technology Security Evaluation — Part I: introduction and general model version 2.1 — CCIMB 99-031. Available Online at http://www.commoncriteria.org/docs/PDF/CCPART1V21.PDF, 61 p. [Last Visited, September 30, 2007]Google Scholar
  17. [17]
    Direction Centrale de la Sécurité des Systèmes d’Information (DCSSI), 2004. Expression des Besoins et Identification des Objectifs de Sécurité: EBIOS, Rapport Technique. Available Online at http://www.ssi.gouv.fr/fr/confiance/ebios.html, [Last Visited, September 30, 2007]Google Scholar
  18. [18]
    DeVor R., Graves R., Mills J.J., 1997. Agile Manufacturing Research: Accomplishments and Opportunities. IIE Transactions no 29, pp. 813–823Google Scholar
  19. [19]
    Department Of Defence (DoD), 1985. Trusted Computer Security Evaluation Criteria-Orange Book. DOD 5200.28-STD report.Google Scholar
  20. [20]
    Djodjevic I., Dimitrakos T., Romano N., Mac Randal D., Ritrovato P., 2007. Dynamic security Perimeters for Inter-enterprise Service Iintegration. Future generation of computer systems (23). pp. 633–657CrossRefGoogle Scholar
  21. [21]
    EEC, 1991. Information Technology Security Evaluation Criteria. Available Online at http://www.cordis.lu/infosec/src/crit.htm, [Last Visited September 30, 2007]Google Scholar
  22. [22]
    Emerson D., Brandl D., 2002. Business to Manufacturing Markup Language (B2MML) version 01. 60 p.Google Scholar
  23. [23]
    Erickson J.S., 2003. Fair Use, DRM and Trusted Computing. Communications of the ACM, vol 46, no4,, pp.34–39CrossRefMathSciNetGoogle Scholar
  24. [24]
    Goldman S. Nagel R., Preiss K., 1995. Agile Competitors and Virtual Organisations. New York: Van Nostrand Reinhold.Google Scholar
  25. [25]
    IBM and Microsoft Corp., 2002. Security in a Web Services World: A Proposed Architecture and Roadmap. 28pp white paper, Available Online at ftp://www6.software.ibm.com/software/developer/library/ws-secmap.pdf, [Last Visited, September 30, 2007]Google Scholar
  26. [26]
    IBM, Microsoft, BEA, Layer 7 technology, Verisign, Novell Inc., 2006. Web Services Federation Language. Version 1.1. Available Online at http://download.boulder.ibm.com/ibmdl/pub/software/dw/specs/ws-fed/WSFederation-V1-1B.pdf. [Last Visited, September 30, 2007]Google Scholar
  27. [27]
    IFAC-IFIP, 1999, GERAM: Generalized Enterprise Reference Architecture and Methodology, Version 1.6.3, IFAC-IFIP Task Force on Architecture and Methodology.Google Scholar
  28. [28]
    ISO, 2000. ISO/IEC 17799:2000 standard-Information technology. Code of Practice for Information Security Management.Google Scholar
  29. [29]
    Jürjens J., 2002, UMLsec: Extending UML for Secure Systems Development. Lecture Notes in Computer Science 2460, UML 2002 Proceedings, pp. 412–425Google Scholar
  30. [30]
    Lee H.L., 2004. The Triple A Supply Chain. Harvard Business Review, October 2004, pp. 102–112Google Scholar
  31. [31]
    Levitin A.V., Redman T.C., 1998. Data as a Resource: Properties, Implications and Prescriptions. Sloan management review, fall 1998. pp. 89–101Google Scholar
  32. [32]
    Lin A., Brown R., 2000, The Application of Security Policy to Role-based Access Control and the Common Data Security Architecture, Communication (23) pp. 1584–1593Google Scholar
  33. [33]
    Longépé C, 2003. The Enterprise Architecture IT Project-The Urbanisation Paradigm, Elsevier. 320p.Google Scholar
  34. [34]
    Mahoué F., 2001. The E-World as an Enabler to Lean. MSc Thesis. MIT.Google Scholar
  35. [35]
    Martin J., 1992. Rapid Application Development, Prentice Hall, Englewood Cliffs.Google Scholar
  36. [36]
    Moore A. P.; Ellison, R. J., Architectural Refinement for the Design of Survivable Systems. Technical Note (CMU/SEI-2001-TN-008), Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, October 2001, Available Online at http://www.sei.cmu.edu/publications/documents/01.reports/01tn008.html [Last Visited, September 30, 2007]Google Scholar
  37. [37]
    OASIS, 2004. Web Services Security: SOAP Message Security 1.0 (WS-SECURITY 2004). 56 pages Available Online at http://www.oasisopen.org/committees/download.php/16790/wss-v1.1-spec-os-SOAPMessageSecurity.pdf [Last Visited, September 30, 2007]Google Scholar
  38. [38]
    Schmidt M.T., Hutchinson B., Lambros P., Phippen R., 2005. The Enterprise Service Bus.: Making Service Oriented Architecture Real. IBM System Journals, vol. 44, no 4, pp.781–797.Google Scholar
  39. [39]
    Sliman L., Biennier F., Servigne S., 2006. Urbanisarion Conjointe de l’entreprise et de son Système d’Information. Colloque IPI 2006 proceedings: “Comprendre et piloter la mutation des systèmes de production”, pp. 169–180Google Scholar
  40. [40]
    Tekes, 2006. Sara-Value Networks in Construction 2003–2007. Sara technology programme, Available online at http://www.tekes.fi/english/programmes/sara [Last Visited, September 30, 2007]Google Scholar
  41. [41]
    Williams R., Wegerson P., 2002. MINI CMMI(SM), SE/SW/IPPD/SS Ver 1.1, Staged Representation. Cooliemon.Google Scholar
  42. [42]
    Womack J.P., Jones D.T., 2003. Lean Thinking, 2nd edition. Simon & Schuster, 404 pGoogle Scholar

Copyright information

© Springer-Verlag London Limited 2008

Authors and Affiliations

  • A. Esper
    • 1
  • L. Sliman
    • 1
  • Y. Badr
    • 1
  • F. Biennier
    • 1
  1. 1.LIESPINSA-LyonVilleurbanneFrance

Personalised recommendations