Engineering Secure Web Services

2013, pp. 203-223
Author(s): Douglas Rodrigues, Julio Cezar Estrella, Francisco José Monaco, Kalinka Regina Lucas Jaquie Castelo Branco, Nuno Antunes, ...

Web services are key components in the implementation of Service Oriented Architectures (SOA), which must satisfy proper security requirements in order to be able to support critical business processes. Research works show that a large number of web services are deployed with significant security flaws, ranging from code vulnerabilities to the incorrect use of security standards and protocols. This chapter discusses state-of-the-art techniques and tools for the deployment of secure web services, including standards and protocols for the deployment of secure services, and security assessment approaches. The chapter also discusses how relevant security aspects can be correlated into practical engineering approaches.


Author(s): Gerhard Austaller

The chapter “Ubiquitous Services and Business Processes” discussed the benefits for real time enterprises of service oriented architectures (SOA) in terms of reusability and flexibility. Web services are one incarnation of SOA. This chapter gives a brief introduction to SOA. It discusses the attributes that define SOA and the roles of the participants in a service oriented environment. The essence of SOA is that clients use services offered by a service provider to get a task done. For the moment we simplify service to “a software component with network connection”. Services are offered with a description at well-known “places” (also called registries, repositories), where clients choose services according to their needs. The chapter discusses several approaches to describe services and to look for them. Moreover, some well-known systems, and also current research, are discussed.


2011, Vol 7 (3), pp. 44-62
Author(s): Valérie Monfort, Slimane Hammoudi

Service-Oriented Architectures (SOA) are widely used by companies to gain flexibility. Web services are the fitted technical solution used to support SOA by providing interoperability and loose coupling. Basic Web services are being assembled to composite Web services in order to directly support business processes. However, there is much to be done to obtain a genuine flawless Web service, and current market implementations do not provide adaptable Web service behavior depending on the service contract. This paper proposes two different approaches to increase adaptability of Web services and SOA. The first approach is based on Aspect Oriented Programming (AOP) as a new design solution for Web services. The authors have implemented an infrastructure to enrich services with aspects and to dynamically reroute messages according to changes, without redeployment. The second approach combines Model Driven Development (MDD) and Context-Awareness to promote reuse and adaptability of Web services behavior depending on the service context. Parameterized transformation techniques are proposed to bind context with business logic implemented by a service. The aim is to merge the two approaches to abstract and reduce the technical complexity of aspect based service solution.


2013, pp. 50-73
Author(s): Anne V.D.M. Kayem

Service Oriented Architectures (SOAs) have become the de facto standard for defining interoperable architectures on the web, with the most common implementation of this concept being in the form of web services. Information exchange is an integral part of SOAs, so designing effective security architectures that ensure data confidentiality and integrity is important. However, selecting a security standard for the architecture is challenging because existing solutions are geared toward access control in relatively static scenarios rather than dynamic scenarios where some form of adaptability is needed. Moreover, when services interact across different domains, interoperability becomes a problem because of the lack of a consistent security model to handle service interactions. This chapter presents a comparative analysis of SOA security standards. The authors discuss the challenges SOA security architecture designers face, in relation to an example travel agent web services scenario, and outline potential mitigation strategies.


Author(s): Srinivas Padmanabhuni, Hemant Adarkar

This chapter covers the different facets of security as applicable to Service-Oriented Architecture (SOA) implementations. First, it examines the security requirements in SOA implementations, highlighting the differences as compared to the requirements of generic online systems. Later, it discusses the different solution mechanisms to address these requirements in SOA implementations. In the context of Web services, the predominant SOA implementation standards have a crucial role to play. This chapter critically examines the crucial Web services security standards in different stages of adoption and standardization. Later, this chapter examines the present-day common nonstandard security mechanisms of SOA implementations. Towards the end, it discusses the future trends in security for SOA implementations with special bearing on the role of standards. The authors believe that the pragmatic analysis of the multiple facets of security in SOA implementations provided here will serve as a guide for SOA security practitioners.


Author(s): Marc Rabaey, Herman Tromp, Koenraad Vandenborre, Eddy Vandijck, Martin Timmerman

An emerging technology like business process execution language (BPEL) and its implementation in BPEL for Web services (BPEL4WS) gives extra possibilities in describing business processes. It further adheres, as a technology, in a consistent way to the underlying Web service-based implementation technology and is a perfect fit for service-oriented architectures (SOA) as they are currently implemented throughout organizations as a successor to enterprise application integration (EAI). However, BPEL4WS, in its current implementation, will only serve in a static way for production workflows. In this chapter we discuss how Semantic Web services through a semantic service-oriented architecture (SSOA) can be used to extend BPEL4WS to create ad hoc and collaborative workflows.



2021, Vol 15 (2), pp. 1-25
Author(s): Amal Alhosban, Zaki Malik, Khayyam Hashmi, Brahim Medjahed, Hassan Al-Ababneh

Service-Oriented Architectures (SOA) enable the automatic creation of business applications from independently developed and deployed Web services. As Web services are inherently a priori unknown, how to deliver reliable Web services compositions is a significant and challenging problem. Services involved in an SOA often do not operate under a single processing environment and need to communicate using different protocols over a network. Under such conditions, designing a fault management system that is both efficient and extensible is a challenging task. In this article, we propose SFSS, a self-healing framework for SOA fault management. SFSS predicts, identifies, and solves faults in SOAs. In SFSS, we identified a set of high-level exception handling strategies based on the QoS performances of different component services and the preferences articulated by the service consumers. Multiple recovery plans are generated and evaluated according to the performance of the selected component services, and then we execute the best recovery plan. We assess the overall user dependence (i.e., the service is independent of other services) using the generated plan and the available invocation information of the component services. According to the experiment results, the given technique enhances the service selection quality by choosing the services that have the highest score and betters the overall system performance. The experiment results indicate the applicability of SFSS and show improved performance in comparison to similar approaches.

