U. M. Mbanaso, G. S. Cooper, Y. Rezgui, M. Wetherill, S. C. Boddy
Secure dynamic web services composition in the context of construction e-purchasing
Abstract: Service-Oriented Architectures based on Web Services are promising to revolutionize the implementation of open and dynamic transactions in many industries, including construction. However, the application of the technol-ogy is raising new security and privacy challenges. One aspect to be addressed in dealing with the security issues is user authorization. Traditionally, authorization systems tend to be unilateral in the sense that the service provider as-signs the access rights and makes the authorization decision, and there is no negotiation between the client and the ser-vice provider. Trust negotiation builds on this through the gradual release of remotely issued credentials to service providers. However, this is not sufficient where strict privacy governance is a requirement, particularly where the communicating parties have no pre-existing direct trust relationship. This paper addresses some of the security issues in Web Services composition in the context of construction e-purchasing. The framework presented in this paper allows Service Providers and Service clients to dynamically exchange security requirements and capabilities to determine how they can share their e-resources. We describe some applications of these concepts and show how they can be integrated into a Web Services environment for construction epurchasing.
Keywords: SOA, open and dynamic transactions, authorization decision, access rights, trust relationship
Full text: content.pdf (309,390 bytes) (available to registered users only)