A voucher-based security middleware for secure Business Process Outsourcing
| Autor: | Emad Heydari Beni, Filipe Beato, Ren Zhang, D. De Cock, Wouter Joosen, Bert Lagaisse |
|---|---|
| Přispěvatelé: | Bodden, E, Payer, M, Athanasopoulos, E, Bodden, Eric, Payer, Mathias, Athanasopoulos, Elias |
| Jazyk: | angličtina |
| Rok vydání: | 2017 |
| Předmět: |
Delegation
business.industry Business process Computer science media_common.quotation_subject Business process outsourcing 05 social sciences Authorization Security middleware 02 engineering and technology Computer security computer.software_genre Workflow engine Business process management Voucher 020204 information systems Middleware (distributed applications) 0502 economics and business 0202 electrical engineering electronic engineering information engineering 050211 marketing business computer media_common |
| Zdroj: | Lecture Notes in Computer Science ISBN: 9783319621043 ESSoS |
| Popis: | © Springer International Publishing AG 2017. Business Process Outsourcing (BPO) enables the delegation of entire business processes to third party providers. Such scenarios involve communication between federated and heterogeneous workflow engines. However, state-of-the-art workflow engines fall short of a distributed authorisation mechanism for this heterogeneous, federated BPO setting. In a cross-organisational context, the security requirements involve (i) delegation and verification of privileges in a confidential manner, (ii) secure asynchronous operations during the long-term workflows even when the users are logged-off, and (iii) controlling access to interfaces of the different workflow engines involved. To address these challenges, we present a voucher-based authorisation architecture and middleware. We extended the WF-Interop [2] middleware with a security module to support this authorisation architecture. We further validated our contributions by prototyping a billing workflow case study on top of the extended WF-Interop middleware and evaluated the performance overhead of the security extensions to the middleware. ispartof: pages:19-35 ispartof: Lecture Notes in Computer Science vol:10379 pages:19-35 ispartof: ESSoS 2017 location:GERMANY, Bonn date:3 Jul - 5 Jul 2017 status: published |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|