Kees Leune scite author profile

Enterprises are rapidly extending their relatively stable and internally-oriented business processes and applications with loosely-coupled enterprise software services in order to support highly dynamic, crossorganizational business processes. These services are no longer solely based on internal enterprise systems, but often implemented, deployed and executed by diverse, external service providers. The ability to dynamically configure cross-organizational business processes with a mixture of internal and external services imposes new security requirements on existing security models.In this paper, we address the problem of defining and enforcing access control rules for securing service invocations in the context of a business process. For this purpose, we amortize existing role-based access control models that allow for dynamic delegation and retraction of authorizations. Authorizations are assigned on an event-driven basis, implementing a push-based interaction protocol between services. This novel security model is entitled the Event-driven Framework for Service Oriented Computing (EFSOC). In addition, this article presents an experimental prototype that is explored using a realistic case study.

show abstract

Trends Of Commonly Used Programming Languages in CS1 And CS2 Learning

Siegfried

Herbert-Berger

Leune

et al. 2021

View full text Add to dashboard Cite

Specification and querying of security constraints in the EFSOC framework

Leune

Papazoglou

Heuvel

2004

View full text Add to dashboard Cite

Service-Oriented Computing is a new paradigm for the specification and deployment of distributed services in highly dynamic environments. The very nature of the context in which service oriented computing thrives imposes unique security requirements. Large scale interconnection of systems and services, rapidly changing service compositions and adhoc composition and invocation of services require a flexible security model that is able to adapt to these changes. In this paper, we present an approach to specification and querying of security (access control) constraints in the context of the event-driven framework for service-oriented computing. 1

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Kees Leune

Using Capture-the-Flag to Enhance the Effectiveness of Cybersecurity Education

Exploring a multi-faceted framework for SoC: how to develop secure web-service interactions?

EFSOC: A Layered Framework for Developing Secure Interactions between Web-Services

Trends Of Commonly Used Programming Languages in CS1 And CS2 Learning

Specification and querying of security constraints in the EFSOC framework

Contact Info

Product

Resources

About