Abstract
Message processing can become unsecured resulting in unreliable business collaboration in terms of authorization policy conflicts, for example, when (1) incorrect role assignment or modification occurs in a partner’s services or (2) messages transferred from one organization are processed by unqualified roles in other collaborating business participants. Therefore, verification mechanism based on access policies is critical for managing secured message processing in business collaboration. In this paper, we exploit a role authorization model, Role-Net, which is developed based on Hierarchical Colored Petri Nets (HCPNs) to specify and manage role authorization in business collaboration. A property named Role Authorization Based Dead Marking Freeness is defined based on Role-Net to verify business collaboration reliability according to partners’ authorization policies. An algebraic verification method for secured message processing is introduced as well.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Papazoglou, M., Georgakopoulos, D.: Service-Oriented Computing. Communications of the ACM 46(10), 25–28 (2003)
Wang, X., Zhang, Y., Shi, H., Yang, J.: BPEL4RBAC: An Authorisation Specification for WS-BPEL. In: Bailey, J., Maier, D., Schewe, K.-D., Thalheim, B., Wang, X.S. (eds.) WISE 2008. LNCS, vol. 5175, pp. 381–395. Springer, Heidelberg (2008)
Sandhu, R.S., Coyne, E., Feinstein, H., Youman, C.: Role-based Access Control Models. IEEE Computer 29(2), 38–47 (1996)
Ferraiolo, D., Cugini, J., Kuhn, R.: Role Based Access Control: Features and Motivations. In: Proceedings of ACSAC (1995)
Girault, C., Valk, R.: Petri Nets for Systems Engineering: A Guide to Modeling, Verification, and Applications. Springer, Heidelberg (2003)
Sun, H., Wang, X., Yang, J., Zhang, Y.: Authorization Policy Based Business Collaboration Reliability Verification. In: Proceedings of ICSOC, pp. 579–584 (2008)
Song, Y., Lee, J.: Deadlock Analysis of Petri Nets Using the Transitive Matrix. In: Proceedings of the SICE Annual Conference, pp. 689–694 (2002)
Paci, F., Ouzzani, M., Mecella, M.: Verification of Access Control Requirements in Web Services Choreography. In: Proceedings of the IEEE International Conference on Service Computing, pp. 5–12 (2008)
Bertino, E., Crampton, J., Paci, F.: Access Control and Authorization Constraints for WS-BPEL. In: Proceedings of the IEEE International Conference on Web Services, pp. 275–284 (2006)
Liu, P., Chen, Z.: An Access Control Model for Web Services in Business Process. In: Proceedings of the 2004 IEEE/WIC/ACM International Conference on Web Intelligence, pp. 292–298 (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sun, H., Yang, J., Wang, X., Zhang, Y. (2009). A Verification Mechanism for Secured Message Processing in Business Collaboration. In: Li, Q., Feng, L., Pei, J., Wang, S.X., Zhou, X., Zhu, QM. (eds) Advances in Data and Web Management. APWeb WAIM 2009 2009. Lecture Notes in Computer Science, vol 5446. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00672-2_42
Download citation
DOI: https://doi.org/10.1007/978-3-642-00672-2_42
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-00671-5
Online ISBN: 978-3-642-00672-2
eBook Packages: Computer ScienceComputer Science (R0)