Abstract
Service Oriented Architectures (SOA’s) enable powerful application and end user service composition from independently defined services. The effective deployment of such composed services requires adaptation of and interoperability between services. This challenge can be approached by specifying service composition in policies, and by enforcing these policies in a sophisticated run-time architecture.
In this paper, we present an open architecture for enforcing and composing complex policies that can depend on the available services in the environment. Complex polices have typically been studied in the context of policy languages, yet they have never been fully supported in a SOA-based execution environment. We have created a flexible run-time architecture that maximizes interoperability, adaptability and evolution. We have prototyped our architecture on an Enterprise Service Bus and we illustrate how our solution supports realistic and complex policies.
Keywords
- Policy Language
- Service Composition
- Policy Rule
- Policy Enforcement
- Generic Message
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Chapter PDF
References
Bauer, L., Ligatti, J., Walker, D.: Composing Security Policies with Polymer. In: Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation, pp. 305–314 (2005)
Beznosov, K., Deng, Y., Blakley, B., Burt, C., Barkley, J.: A Resource Access Decision Service for CORBA-based Distributed Systems. In: Proceedings of the 15th Annual Computer Security Applications Conference, p. 310 (1999)
Damiani, E., De Capitani di Vimercati, S., Paraboschi, S., Samarati, P.: Securing SOAP e-services. International Journal of Information Security 1(2), 100–115 (2002)
Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The Ponder Policy Specification Language. Lecture Notes in Computer Science 2001, pp. 18–38 (2001)
Dan, A., Dumitrescu, C., Ripeanu, M.: Connecting Client Objectives with Resource Capabilities: an Essential Component for Grid Service Managent Infrastructures. In: Proceedings of the 2nd International Conference on Service Oriented Computing, pp. 57–64 (2004)
D’Hondt, M., Jonckers, V.: Hybrid Aspects for Weaving Object-Oriented Functionality and Rule-Based Knowledge. In: Proceedings of the 3rd International Conference on Aspect-Oriented Software Development, pp. 132–140 (2004)
Dulay, N., Lupu, E., Sloman, M., Damianou, N.: A Policy Deployment Model for the Ponder Language. Integrated Network Management Proceedings, 2001 IEEE/IFIP International Symposium on, pp. 529–543 (2001)
The Open Group. Authorization (AZN) API. Open Group Technical Standard C908 (2000)
Interdisciplinary Institute for BroadBand Technology. T-CASE Project (Technologies and Capabilities for Service-Enabling) (2005) https://projects.ibbt.be/tcase/
Kagal, L.F., Joshi, T.A.: A Policy Language for a Pervasive Computing Environment. Policies for Distributed Systems and Networks, 2003. Proceedings. POLICY 2003. IEEE 4th International Workshop on, pp. 63–74 (2003)
Kanada, Y.: Taxonomy and Description of Policy Combination Methods. In: Proceedings of the International Workshop on Policies for Distributed Systems and Networks, pp. 171–184 (2001)
Karjoth, G.: Access Control with IBM Tivoli Access Manager. ACM Transactions on Information and System Security 6(2), 232–257 (2003)
Kiczales, G.: Aspect-Oriented Programming. ACM Computing Surveys 28, 232–257 (1996)
OASIS. Security Assertion Markup Language Specification, Version 1.1 (2003)
OASIS. Web Services Security: SOAP Message Security, Version 1.0 (2004)
OASIS. eXtensible Access Control Markup Language (XACML) Version 2.0 (2005)
Papazoglou, M., Georgakopoulos, D.: Service-Oriented Computing: Introduction. Communications of the ACM, vol. 46(10) (2003)
Ritter, T., Schreiner, R., Lang, U.: Integrating Security Policies via Container Portable Interceptors. IEEE Distributed Systems Online, vol. 7 (2006)
Schlimmer, J., et al.: Web Services Policy Framework Specification, Draft Version (2004)
Schneider, F.B.: Enforceable Security Policies. ACM Transactions on Information and System Security 3(1), 30–50 (2000)
Sun Microsystems. Java Authrozation Contract for Containers (JACC) Version 1.0 (2003)
Uszok, A., Bradshaw, J., Jeffers, R., Suri, N., Hayes, P., Breedy, M., Bunch, L., Johnson, M., Kulkarni, S., Lott, J.: KAoS Policy and Domain Services: Toward a Description-logic Approach to Policy Representation, Deconfliction, and Enforcement. Policies for Distributed Systems and Networks, 2003. Proceedings. POLICY 2003. IEEE 4th International Workshop on, pp. 93–96 (2003)
W3C. Web Services Addressing, W3C Member Submission (2004)
De Win, B.: Engineering Application-level Security through Aspect-Oriented Software development. PhD thesis, Katholieke Universiteit Leuven (2004)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 IFIP International Federation for Information Processing
About this paper
Cite this paper
Goovaerts, T., De Win, B., Joosen, W. (2007). A Flexible Architecture for Enforcing and Composing Policies in a Service-Oriented Environment. In: Indulska, J., Raymond, K. (eds) Distributed Applications and Interoperable Systems. DAIS 2007. Lecture Notes in Computer Science, vol 4531. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72883-2_19
Download citation
DOI: https://doi.org/10.1007/978-3-540-72883-2_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-72881-8
Online ISBN: 978-3-540-72883-2
eBook Packages: Computer ScienceComputer Science (R0)