Securing Web Services

Published By IGI Global

9781599046396, 9781599046419

2008
pp. 257-297
Author(s):  
Asif Akram ◽  
Rob Allen ◽  
Sanjay Chaudhary ◽  
Prateek Jain ◽  
Zakir Laliwala

This chapter presents a ‘Case Study’ based on the distributed market. The requirements of this Grid Business Process are more demanding than any typical business process deployed within a single organization or enterprise. Recently, different specifications built on top of Web service standards have originated from the Grid paradigm to address limitations of stateless Web services. These emerging specifications are evaluated in the first part of the chapter to capture the requirements of a dynamic business process, i.e., a Business Process Grid. In the second part of the chapter, a case study with different use cases is presented to simulate various scenarios. The abstract discussion and requirements of the case study are followed by the actual implementation. The implementation is meant as a proof of concept rather than a fully functional application.


2008
pp. 228-256
Author(s):  
A. Kaliontzoglou ◽  
T. Karantjias ◽  
D. Polemi

Research into initiatives worldwide shows that although some of the legal and organizational barriers for the adoption of new technologies in e-government have been lifted, there are still not many implementations of actual e-government services that have been designed based on a common and systematic approach. The prevailing requirements for e-government services, interoperability and security, pose major challenges to e-government architects, and it is now being slowly understood that Web services in combination with public key infrastructures may provide the necessary solutions. In this context, this chapter presents three innovative e-government services based on these technologies, focusing on their security and interoperability aspects. The goal of the chapter is to demonstrate the services’ specifications and use cases so that they may act as examples for further research and development.


2008
pp. 206-227
Author(s):  
Konstantin Beznosov

This chapter reports on our experience of designing and implementing an architecture for protecting enterprise-grade Web service applications hosted by ASP.NET. Security mechanisms of the Microsoft ASP.NET container, a popular hosting environment for Web services, have limited scalability, flexibility, and extensibility. They are therefore inadequate for hosting enterprise-scale applications that need to be protected according to diverse and/or complex application-specific security policies. To overcome the limitations of ASP.NET security, we developed a flexible and extensible protection architecture. Deployed in a real-world security solution at a financial organization, the architecture enables integration of ASP.NET into the organizational security infrastructure with reduced effort on the part of Web Service developers. Throughout this report, we discuss our design decisions, suggest best practices for constructing flexible and extensible authentication and authorization logic for Web Services, and share lessons learned.


2008
pp. 182-205
Author(s):  
Tuncay Namli ◽  
Asuman Dogac

Web service technology changes the way of conducting business by opening services to the whole business world over networks. This property of Web services makes security and privacy issues more important, since access to the services becomes easier. Many Web service standards are emerging to make Web services secure and privacy protected. This chapter discusses two of them: SAML (OASIS, 2005) and XACML (OASIS, 2005). SAML is an XML-based framework for communicating user authentication, entitlement, and attribute information. In other words, SAML handles the user authentication and also carries attribute information for authorization (access control). XACML is the complementary OASIS standard for making the access control decisions. This work is realized within the scope of the IST 027074 SAPHIRE Project, which is an intelligent healthcare monitoring and decision support system.
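The division of labour the abstract describes, SAML carrying who the subject is and which attributes they hold while XACML decides what they may do, as an added example in Python. This is illustration code written for this page, not code from the chapter or the SAPHIRE project; the sample assertion, the attribute names (role, department), the resources and the policy rules are all constructed, and the toy does not verify the assertion's signature, which a real Policy Enforcement Point must do before trusting any attribute.

```python
"""Toy SAML -> XACML flow: a Policy Enforcement Point (PEP) extracts the
subject's attributes from a SAML assertion and asks a Policy Decision Point
(PDP) for a decision.  Example code; assertion, attribute names and policy
are constructed for illustration and are not taken from the SAPHIRE project."""
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned sample assertion issued for user "alice".
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2008-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="role"><saml:AttributeValue>doctor</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="department"><saml:AttributeValue>cardiology</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def extract_attributes(assertion_xml: str) -> dict:
    """Pull the subject name and attribute values out of a SAML 2.0 assertion.

    Caveat: a real PEP verifies the assertion's XML signature, issuer,
    audience and validity window before trusting anything in it; this toy
    skips that step.  It does refuse a DOCTYPE so that entity expansion
    cannot alter attribute values during parsing.
    """
    if "<!DOCTYPE" in assertion_xml:
        raise ValueError("DOCTYPE not permitted in a SAML assertion")
    root = ET.fromstring(assertion_xml)
    attrs = {"subject": root.findtext("saml:Subject/saml:NameID", namespaces=SAML_NS)}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


# Each entry mirrors an XACML <Rule>: a Target on resource/action plus a
# Condition over subject attributes, yielding an Effect.  Constructed policy.
POLICY = [
    {"effect": "Deny", "resource": "patient-record", "action": "*",
     "condition": lambda s: "suspended" in s.get("role", [])},
    {"effect": "Permit", "resource": "patient-record", "action": "read",
     "condition": lambda s: bool({"doctor", "nurse"} & set(s.get("role", [])))},
    {"effect": "Permit", "resource": "patient-record", "action": "write",
     "condition": lambda s: "doctor" in s.get("role", [])},
    {"effect": "Permit", "resource": "prescription", "action": "write",
     "condition": lambda s: "doctor" in s.get("role", [])
     and "cardiology" in s.get("department", [])},
]


def evaluate(policy, subject: dict, resource: str, action: str) -> str:
    """PDP with deny-overrides combining: one applicable Deny wins, else
    Permit if any applicable rule permits, else NotApplicable."""
    decision = "NotApplicable"
    for rule in policy:
        if rule["resource"] != resource or rule["action"] not in ("*", action):
            continue                      # target does not match
        if not rule["condition"](subject):
            continue                      # condition false: rule not applicable
        if rule["effect"] == "Deny":
            return "Deny"
        decision = "Permit"
    return decision


def enforce(assertion_xml: str, resource: str, action: str) -> bool:
    """PEP: only an explicit Permit grants access.  NotApplicable (and, in a
    real PDP, Indeterminate) falls through to deny."""
    subject = extract_attributes(assertion_xml)
    return evaluate(POLICY, subject, resource, action) == "Permit"


if __name__ == "__main__":
    for res, act in [("patient-record", "read"), ("prescription", "write"),
                     ("prescription", "delete")]:
        print(res, act, "->", "granted" if enforce(SAMPLE_ASSERTION, res, act) else "denied")
```

The point worth keeping from this toy is the default: the PEP treats anything other than an explicit Permit as a refusal, so a request no rule covers ("prescription", "delete") is denied rather than silently allowed, and a single applicable Deny rule overrides any Permit.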


2008
pp. 162-181
Author(s):  
Félix J. García Clemente ◽  
Gregorio Martínez Perez ◽  
Juan A. Botía Blaya ◽  
Antonio F. Skarmeta

Policies, which usually govern the behaviour of networking services (e.g., security, QoS, mobility, etc.), are becoming an increasingly popular approach for the dynamic regulation of web information systems. By appropriately managing policies, a system can be continuously adjusted to accommodate variations in externally imposed constraints and environmental conditions. The adoption of a policy-based approach for controlling a system requires an appropriate policy representation regarding both syntax and semantics, and the design and development of a policy management framework. In the context of the Web, the use of languages enriched with semantics has been limited primarily to representing Web content and services. However, the capabilities of these languages, coupled with the availability of tools to manipulate them, make them well suited for many other kinds of applications, such as policy representation and management. In this chapter, we present an evaluation of the ongoing efforts to use ontological (Semantic Web) languages to represent policies for distributed systems.


2008
pp. 111-137
Author(s):  
David Chadwick

Delegation of authority (DOA) is an essential procedure in every modern business. This chapter enumerates the requirements for a delegation of authority web service that allows users and services to delegate to other users and services authority to access computer-based resources. The various models and architectures that can support a DOA web service are described. A key component of the DOA service is the organisation’s delegation policy, which provides the rules for who is allowed to delegate what to whom, and which needs to be enforced by the DOA service. The essential elements of such a delegation policy are outlined. The chapter then describes a practical DOA web service that has been built and piloted in various grid applications. It concludes by reviewing some related research and highlighting where future research is still required.
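What enforcing a delegation policy of the kind the abstract describes (rules for who may delegate what to whom) looks like in code, as an added example in Python. This is not the chapter's DOA web service; the roles, the users, the privilege names, the source of authority and the policy table are all constructed for illustration, and the policy shape (allowed delegator roles, allowed delegatee roles, maximum chain length per privilege) is one plausible encoding, not the chapter's.

```python
"""Validating a chain of delegations against a delegation policy.
Added example; organisation, roles, privileges and policy are constructed
and are not the chapter's own DOA service."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Delegation:
    delegator: str
    delegatee: str
    privileges: frozenset      # privileges handed on, e.g. {"read:dataset"}


# Constructed organisation.  Policy entries are
#   privilege -> (roles that may delegate it, roles that may receive it,
#                 maximum number of hops from the source of authority)
ROLES = {"alice": "manager", "bob": "analyst", "carol": "contractor", "dave": "analyst"}
SOURCE_OF_AUTHORITY = {"alice": frozenset({"read:dataset", "write:dataset"})}
POLICY = {
    "read:dataset": ({"manager", "analyst"}, {"analyst", "contractor"}, 2),
    "write:dataset": ({"manager"}, {"analyst"}, 1),
}


def validate_chain(chain, requester: str, privilege: str) -> tuple:
    """Walk the chain from the source of authority to the requester.

    Returns (ok, reason).  Every hop must satisfy the policy: the chain is
    contiguous, the delegator actually holds what it hands on (so no
    privilege amplification), the delegator's role may delegate the
    privilege, the delegatee's role may receive it, the chain is no longer
    than the policy allows, and it ends at the requester.
    """
    if privilege not in POLICY:
        return False, "privilege not covered by the delegation policy"
    may_delegate, may_receive, max_hops = POLICY[privilege]
    if not chain:
        return False, "empty chain"
    if len(chain) > max_hops:
        return False, f"chain length {len(chain)} exceeds policy maximum {max_hops}"

    holder = None                       # who currently holds the authority
    held = frozenset()                  # which privileges they hold
    for hop in chain:
        if holder is None:
            held = SOURCE_OF_AUTHORITY.get(hop.delegator, frozenset())
        elif hop.delegator != holder:
            return False, f"chain is not contiguous at {hop.delegator}"
        if privilege not in hop.privileges:
            return False, f"{hop.delegator} -> {hop.delegatee} does not convey {privilege}"
        if not hop.privileges <= held:
            return False, f"{hop.delegator} delegates privileges it does not hold"
        if ROLES.get(hop.delegator) not in may_delegate:
            return False, f"{hop.delegator} ({ROLES.get(hop.delegator)}) may not delegate {privilege}"
        if ROLES.get(hop.delegatee) not in may_receive:
            return False, f"{hop.delegatee} ({ROLES.get(hop.delegatee)}) may not receive {privilege}"
        holder, held = hop.delegatee, hop.privileges

    if holder != requester:
        return False, "chain does not end at the requester"
    return True, "ok"


# Constructed chains used by the self-check below.
READ = frozenset({"read:dataset"})
WRITE = frozenset({"write:dataset"})
CHAIN_OK = [Delegation("alice", "bob", READ), Delegation("bob", "carol", READ)]
CHAIN_TOO_LONG = [Delegation("alice", "bob", WRITE), Delegation("bob", "dave", WRITE)]
CHAIN_BAD_RECEIVER = [Delegation("alice", "carol", WRITE)]
CHAIN_AMPLIFIED = [Delegation("alice", "bob", READ), Delegation("bob", "carol", READ | WRITE)]
CHAIN_BROKEN = [Delegation("alice", "bob", READ), Delegation("dave", "carol", READ)]

if __name__ == "__main__":
    print(validate_chain(CHAIN_OK, "carol", "read:dataset"))
    print(validate_chain(CHAIN_AMPLIFIED, "carol", "read:dataset"))
```

Two of the failure cases are the ones a DOA service most needs to catch: amplification (bob passes on a write privilege he was never given) and a chain that is not contiguous (dave hands out authority nobody delegated to him). Both would be accepted by a checker that only looked at the last hop.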


2008
pp. 318-344
Author(s):  
Asif Akram ◽  
David Meredith

This chapter shows how the WSDL interface style (RPC / Document), the strength of data typing and the approach to data binding and validation have important implications for application security (and interoperability). This is because some (common) bad practices and poor implementation choices can render a service vulnerable to the consequences of propagating loosely bound or poorly constrained data. The chosen Web service style and strength of data typing dictate how SOAP messages are constructed and serialized, and to what extent SOAP messages can be constrained and secured during validation. The chosen approach to binding and validation dictates how and where the SOAP-body and SOAP-header (which includes the security constructs) are handled in the application, and also determines the reliability of message parsing. The authors show how these Web service styles and implementation choices must be carefully considered and applied correctly by providing implementation examples and best practice recommendations.
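The consequence of weak typing that the abstract warns about, shown concretely as an added example in Python (not the chapter's own examples). The same document-style PlaceOrder operation is bound twice: once with every parameter declared as an unconstrained string, once with the facets a well-constrained schema would carry. The service namespace, operation name, header token and messages are all constructed, and the header check is a stand-in for a real WS-Security handler; the point is the handler ordering (security header first, then schema validation, then typed values into the application) and what each schema lets through.

```python
"""Strict vs loose typing of a document/literal SOAP operation.
Added example; service namespace, operation, header token and messages are
constructed and are not from the chapter."""
import re
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SVC_NS = "urn:example:orders"          # assumed service namespace
SEC_NS = "urn:example:security"        # assumed header namespace (stand-in for WS-Security)
NS = {"soap": SOAP_NS, "svc": SVC_NS, "sec": SEC_NS}
EXPECTED_TOKEN = "deadbeef"            # constructed shared secret for the demo only

# The same operation typed two ways.  LOOSE is the common bad practice of
# declaring every parameter as an unconstrained xsd:string; STRICT carries the
# facets a careful schema would (pattern, maxLength, integer range).
LOOSE_SCHEMA = {"orderId": {"type": "string"}, "quantity": {"type": "string"}}
STRICT_SCHEMA = {
    "orderId": {"type": "string", "pattern": r"[A-Z]{2}-[0-9]{6}", "maxLength": 9},
    "quantity": {"type": "int", "min": 1, "max": 1000},
}


def envelope(order_id: str, quantity: str, token: str = EXPECTED_TOKEN) -> str:
    """Build a constructed SOAP 1.1 request with a security header and a body."""
    return (
        f'<soap:Envelope xmlns:soap="{SOAP_NS}" xmlns:svc="{SVC_NS}" xmlns:sec="{SEC_NS}">'
        f"<soap:Header><sec:Token>{token}</sec:Token></soap:Header>"
        f"<soap:Body><svc:PlaceOrder><svc:orderId>{order_id}</svc:orderId>"
        f"<svc:quantity>{quantity}</svc:quantity></svc:PlaceOrder></soap:Body></soap:Envelope>"
    )


def validate_body(operation, schema: dict) -> dict:
    """Bind the operation's child elements to typed values, rejecting anything
    the schema does not declare (no lax xsd:any fallback) and anything missing."""
    values = {}
    for child in operation:
        name = child.tag.split("}", 1)[-1]         # strip the namespace prefix
        if name not in schema:
            raise ValueError(f"undeclared element: {name}")
        spec = schema[name]
        text = (child.text or "").strip()
        if spec["type"] == "int":
            if not re.fullmatch(r"-?[0-9]+", text):
                raise ValueError(f"{name}: not an integer")
            value = int(text)
            if not spec["min"] <= value <= spec["max"]:
                raise ValueError(f"{name}: out of range")
        else:
            value = text
            if len(value) > spec.get("maxLength", len(value)):
                raise ValueError(f"{name}: exceeds maxLength")
            if "pattern" in spec and not re.fullmatch(spec["pattern"], value):
                raise ValueError(f"{name}: does not match pattern")
        values[name] = value
    missing = sorted(set(schema) - set(values))
    if missing:
        raise ValueError(f"missing elements: {missing}")
    return values


def handle(envelope_xml: str, schema: dict) -> dict:
    """Handler order: check the header's security construct first, then
    validate the body against the schema, and only then hand typed values on."""
    root = ET.fromstring(envelope_xml)
    token = root.findtext("soap:Header/sec:Token", namespaces=NS)
    if token != EXPECTED_TOKEN:
        raise PermissionError("missing or invalid security header")
    operation = root.find("soap:Body/svc:PlaceOrder", NS)
    if operation is None:
        raise ValueError("unknown operation")
    return validate_body(operation, schema)


def rejected(envelope_xml: str, schema: dict) -> bool:
    """True if the handler refuses the message; used to compare the two schemas."""
    try:
        handle(envelope_xml, schema)
        return False
    except (ValueError, PermissionError):
        return True


# Constructed messages: a well-formed order, a hostile orderId, an absurd quantity.
GOOD = envelope("AB-123456", "5")
INJECTED = envelope("AB-123456' OR 1=1--", "5")
OVERSIZED = envelope("AB-123456", "99999999999")

if __name__ == "__main__":
    for label, msg in [("good", GOOD), ("injected", INJECTED), ("oversized", OVERSIZED)]:
        print(f"{label}: loose rejects={rejected(msg, LOOSE_SCHEMA)} "
              f"strict rejects={rejected(msg, STRICT_SCHEMA)}")
```

With the loose binding the hostile orderId and the eleven-digit quantity both reach the application as strings, and whatever sits behind the service (a database query, a stock reservation) has to defend itself; with the strict binding they are refused at the message boundary and the application only ever sees an `AB-123456` style identifier and an integer between 1 and 1000.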


2008
pp. 345-363
Author(s):  
Christian Platzer ◽  
Florian Rosenberg ◽  
Schahram Dustdar

Web services provide a fundamental technology for developing service-oriented systems by leveraging platform-independent interface descriptions (WSDL) and a flexible message encoding (SOAP). Besides the functional description, Quality of Service (QoS) issues are currently not part of the Web service standards stack, although they provide valuable metadata of a Web service such as performance, dependability, security or cost and payment. This additional information can be used to greatly enhance service discovery, selection and composition. As a result of the latest research dedicated to this area, this chapter deals with the various ways of describing, bootstrapping and evaluating QoS attributes. A strong focus is laid on client-side QoS assessment and the arising problems. Furthermore, a method to analyze Web service interactions by using our evaluation tool and extract important QoS information without any knowledge about the service implementation will be presented and thoroughly explained. Usually, taking performance measures for a specific Web service requires access to the service implementation or at least the server machine where it is hosted. This chapter will address a way to bootstrap the most important performance and dependability values from the client’s perspective, thereby overcoming these restrictions.


2008
pp. 298-317
Author(s):  
Lampros K. Stergioulas ◽  
Aisha Naseer

Web technologies have played a significant role in supporting the global sharing of Internet resources and thereby improving communications. On another front, Grids hold the promise to provide global interoperability and interconnectivity at a level considered impossible a few decades ago. In practice, there is not much difference between the existing Grid and Web infrastructures; in fact, a Grid infrastructure could be built by making minor modifications to a Web infrastructure. The implementation of Web-based Grids or a partially-Gridified Web is one of the potential solutions to Grid infrastructure problems. This can be done by sharing Grid services across the Grid infrastructure, effectively using the underlying Web services as vehicles or transporters of these services. The chapter discusses Grid services as another type of Grid resource, examines possible ways to integrate Grid services and Web services, and explores how this will support Grid resource discovery. It is argued that Grids should be developed using the underlying Web infrastructure and that Grid services could be integrated with Web services using inheritance techniques to produce Grid-supported Web services. Furthermore, this approach seems to deal effectively with the problems of resource discovery in such partially-Gridified Web environments. An earlier version of this work has been presented in (Naseer & Stergioulas, 2006a).


2008
pp. 1-21
Author(s):  
Srinivas Padmanabhuni ◽  
Hemant Adarkar

This chapter covers the different facets of security as applicable to Service-Oriented Architecture (SOA) implementations. First, it examines the security requirements in SOA implementations, highlighting the differences as compared to the requirements of generic online systems. Later, it discusses the different solution mechanisms to address these requirements in SOA implementations. In the context of Web services, the predominant SOA implementation standards have a crucial role to play. This chapter critically examines the crucial Web services security standards in different stages of adoption and standardization. Later, this chapter examines the present-day common nonstandard security mechanisms of SOA implementations. Towards the end, it discusses the future trends in security for SOA implementations with special bearing on the role of standards. The authors believe that the pragmatic analysis of the multiple facets of security in SOA implementations provided here will serve as a guide for SOA security practitioners.

