On Specifying and Enforcing Access Control of Web Services Based Workflows
Web Services, Access Control, Web Service Selection, Composability
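Under the influence of service-oriented architecture (SOA), a Web service can be treated as a component of a workflow, and composing suitable Web services makes it possible to meet enterprise needs quickly. A workflow contains both human tasks and automatic tasks. Suitable performers must be selected to execute these tasks without violating the access control constraints within and between organizations. This study proposes a dynamic selection strategy that selects suitable personnel and suitable Web services to execute each activity in the workflow. The strategy avoids selections that violate the access control constraints associated with the process, so that the process has a higher probability of ultimately completing successfully. Experiments show that our selection strategy can avoid violating access control constraints and performs better than both the Composition-based method and the Random method.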
Web services have become the de facto standard components for quickly building a business process that satisfies the business goal of an organization. Nowadays, Web services have found their way into describing the functions of automatic tasks as well as manual tasks. An important part of the specification of a business process, especially for manual tasks, is access control. This thesis considers both types of tasks involved in a Web services-based process, together with the corresponding access control problem, and proposes a selection approach for choosing the performer for each task so as to satisfy all access control constraints. Based on the role-based access control model, we focus on two types of access control: separation of duties (SoD) and binding of duties (BoD). Both role-level and participant-level SoDs and BoDs that need to be dynamically enforced are considered in this thesis. The proposed performer selection approach is evaluated on a workflow scenario and is shown to have the highest chance of satisfying all predefined access control constraints when compared to other methods.
Table of Contents
CHAPTER 1 - Introduction
1.1. Background
1.2. Motivation
CHAPTER 2 - Literature Review
2.1. Web Service Technology
2.1.1. SOAP
2.1.2. WSDL
2.1.3. UDDI
2.2. Web Service Composition
2.3. Workflow Access Control
2.4. Enforcing Access Control Constraints
CHAPTER 3 - Problem Definition
3.1. Preliminaries
3.2. Problem description
CHAPTER 4 - Our approach
4.1. Skeleton of our Approach
4.2. Adjusting the FSMs for each role and each web service
4.3. Building the Composition and deciding composabilities of configurations
4.4. Execution Time Delegation for Enforcing Participant-Level Access Control
CHAPTER 5 - Performance Evaluation
5.1. Purchase Process Scenario
5.2. Experimental Design
5.3. Experimental Result
CHAPTER 6 - Conclusion
References
