Title :
Types for Workflow Access Control in Web Service Context
Author :
Lu, Yahui ; Zhang, Li
Author_Institution :
Coll. of Software, Shenzhen Univ., Shenzhen, China
Abstract :
Workflow provides a promising solution for organizations to achieve their business goals by interactions and collaborations between Web services. Access control is an important security mechanism to protect the resources to be only accessed by authorized users in such collaborative environments. In this paper, we aim at developing a method for formalizing and analyzing workflow access control in Web service context. To achieve this goal, we first present WSPI, Web Service Pi calculus, to formalize Web services and workflow processes. Based on WSPI, a type system is proposed to ensure that the specified TBAC policy is respected during system reductions. By subject reduction, the well-typed system can guarantee the system security and avoid access violations in run time.
Keywords :
Web services; authorisation; Web services; access violations; authorized users; collaborative environments; subject reduction; system security; workflow access control; workflow processes; Access control; Context-aware services; Manufacturing; Marine vehicles; Product design; Web services; µ Calculus; Task based Access Control; Types; Web Service;
Conference_Titel :
Services - I, 2009 World Conference on
Conference_Location :
Los Angeles, CA
Print_ISBN :
978-0-7695-3708-5
Electronic_ISBN :
978-0-7695-3708-5
DOI :
10.1109/SERVICES-I.2009.78
