2006
DOI: 10.1007/11805588_21
|View full text |Cite
|
Sign up to set email alerts
|

From Business Process Choreography to Authorization Policies

Abstract: Abstract.A choreography specifies the interactions between the resources of multiple collaborating parties at design time. The runtime management of authorization policies in order to support such a specification is however tedious for administrators to manually handle. By compiling the choreography into enhanced authorization policies, we are able to automatically derive the minimal authorizations required for collaboration, as well as enable and disable the authorizations in a just-in-time manner that matche… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

0
9
0

Year Published

2008
2008
2019
2019

Publication Types

Select...
4
3
1

Relationship

2
6

Authors

Journals

citations
Cited by 13 publications
(9 citation statements)
references
References 13 publications
0
9
0
Order By: Relevance
“…Our policy derivation algorithm [20] uses the control flow of the choreography in order to minimize the time a policy is enabled. In addition to extracting only the relevant <InterAction> elements and enabling them over the lifetime of the choreography, we also use the control-flow of the choreography to trigger the enabling and disabling of the policies.…”
Section: Control-flow Aware Authorization Policy Derivationmentioning
confidence: 99%
See 1 more Smart Citation
“…Our policy derivation algorithm [20] uses the control flow of the choreography in order to minimize the time a policy is enabled. In addition to extracting only the relevant <InterAction> elements and enabling them over the lifetime of the choreography, we also use the control-flow of the choreography to trigger the enabling and disabling of the policies.…”
Section: Control-flow Aware Authorization Policy Derivationmentioning
confidence: 99%
“…The paper proceeds to describe related work towards addressing these requirements in Section 2, proposes an architecture in Section 3 and describes two main features of the architecture in detail in Sections 4 and 5 respectively: control-flow aware authorization policy derivation, which builds on previous work in [20]) and secure VO management, which builds on previous work in [5,14].…”
Section: Introductionmentioning
confidence: 99%
“…AC for service compositions within a single trust domain Robinson et al (2006) present an approach to "automatically derive the minimal authorizations required for collaboration, as well as enable and disable the authorizations in a just-in-time manner that matches the control flow described in the choreography." They use it for "runtime management of authorization policies" of ad-hoc combined web-service, but the basic idea could be utilized as building block in the approach described in this article.…”
Section: Related Workmentioning
confidence: 99%
“…Reputation systems have often been proposed to support Virtual Organizations (VO) formation [3,18,28,34]. A common problem that arises in these and other reputation systems is that the evaluated parties exert pressure to suppress negative ratings.…”
Section: Introductionmentioning
confidence: 99%
“…party is to threaten with negative ratings in return for negative ratings. It does not even have to be case that the reputation system accepts only mutual ratings, but as in the case of VO formation [34] where all parties are raters and ratees, one can retaliate in a seemingly unrelated transaction. The solution presented in this paper is to protect the privacy of the ratings, i.e.…”
Section: Introductionmentioning
confidence: 99%