Combining Enforcement Strategies in Service Oriented Architectures

  • Gabriela Gheorghe
  • Bruno Crispo
  • Daniel Schleicher
  • Tobias Anstett
  • Frank Leymann
  • Ralph Mietzner
  • Ganna Monakova
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6470)

Abstract

Business regulations on enterprise applications cover both infrastructure and orchestration levels of the Service-Oriented Architecture (SOA) environment. Thus, for a correct and efficient enforcement of such requirements, full integration among different enforcement middleware is necessary. Based on previous work [1], we make a comparison between enforcement capabilities at business and infrastructure levels. Our contribution is to make a first step towards a policy enforcement model that combines the strengths of the orchestration level enforcement mechanisms with those of the message bus. The advantages of such a model are that (1) infrastructure and orchestration requirements are enforced by the most appropriate mechanisms, and (2) regulations can be enforced that would otherwise be impossible to enforce by a single mechanism. We present the architecture and a first prototype of such a model to show its feasibility.

Keywords

policy enforcement, SOA, BPEL, ESB

References

  1. Gheorghe, G., Neuhaus, S., Crispo, B.: xESB: An enterprise service bus for access and usage control policy enforcement. In: Uehara, T. (ed.) IFIPTM 2010. LNCS, vol. 321, pp. 63–78. Springer, Heidelberg (2010)
  2. Goovaerts, T., De Win, B., Joosen, W.: Infrastructural support for enforcing and managing distributed application-level policies. Electron. Notes Theor. Comput. Sci. 197(1), 31–43 (2008)
  3. Khalaf, R., Karastoyanova, D., Leymann, F.: Pluggable framework for enabling the execution of extended bpel behavior. In: Di Nitto, E., Ripeanu, M. (eds.) ICSOC 2007. LNCS, vol. 4907, pp. 376–387. Springer, Heidelberg (2009)
  4. van Lessen, T., Leymann, F., Mietzner, R., Nitzsche, J., Schleicher, D.: A Management Framework for WS-BPEL. In: Proceedings of the 6th IEEE European Conference on Web Services 2008, pp. 187–196. IEEE Computer Society, Los Alamitos (November 2008)
  5. Leune, K., van den Heuvel, W.J., Papazoglou, M.: Exploring a multi-faceted framework for soc: how to develop secure web-service interactions? In: Proc. 14th Intl. Workshop on Research Issues on Data Engineering, pp. 56–61 (March 2004)
  6. Maierhofer, A., Dimitrakos, T., Titkov, L., Brossard, D.: Extendable and adaptive message-level security enforcement framework. In: International conference on Networking and Services, ICNS 2006, pp. 72–72 (2006)
  7. Hafner, M., Mukhtiar Memon, R.B.: SeAAS - a reference architecture for security services in SOA. Journal of Universal Computer Science 15(15), 2916–2936 (2009)
  8. Moser, O., Rosenberg, F., Dustdar, S.: Non-intrusive monitoring and service adaptation for ws-bpel. In: WWW, pp. 815–824 (2008)
  9. Reichert, M., Dadam, P.: Adeptflex: Supporting dynamic changes of workflow without loosing control. Journal of Intelligent Information Systems 10, 93–129 (1998)
  10. Reichert, M., Rinderle-Ma, S., Dadam, P.: Flexibility in process-aware information systems. T. Petri Nets and Other Models of Concurrency 2, 115–135 (2009)
  11. Svirskas, A., Isachenkova, J., Molva, R.: Towards secure and trusted collaboration environment for european public sector. In: Collaborative Computing: Networking, Applications and Worksharing. CollaborateCom 2007. International Conference on, pp. 49–56 (2007)
  12. Trojer, T., Kwong Lee, C., Fung, B.C.M., Narupiyakul, L., Hung, P.C.K.: Privacy-aware health information sharing. In: Privacy Aware Knowledge Discovery: Novel Applications and New Techniques, Chapman and Hall/CRC Press, Boca Raton (2010)
  13. Tsai, W.T., Zhou, X., Chen, Y.: Soa simulation and verification by event-driven policy enforcement. In: ANSS-41 2008: Proceedings of the 41st Annual Simulation Symposium (anss-41 2008), pp. 165–172. IEEE Computer Society, Washington (2008)
  14. United States Code: Sarbanes-Oxley Act of 2002, pl 107-204, 116 stat 745. Codified in Sections 11, 15, 18, 28, and 29 USC (July 2002)

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Gabriela Gheorghe (1)
  • Bruno Crispo (1)
  • Daniel Schleicher (2)
  • Tobias Anstett (2)
  • Frank Leymann (2)
  • Ralph Mietzner (2)
  • Ganna Monakova (2)

  1. University of Trento, Italy
  2. University of Stuttgart, Germany
