ADDING SECURITY INFORMATION IN XML DOCUMENTS

XML\u27s popularity in the last few years has made this mark-up language a de facto standard for the web data interchange. DTD\u27s (or Schemas) definition associated with XML documents introduces data modelling in XML\u27s world, allowing the specification of a hierarchy of concepts or elements that constitute the XML document. Taking into account that the purpose of these data models is the highly structured information exchange among several systems, it is required to incorporate security mechanisms that allow a secure interchange. The World Wide Web Consortium (W3C) is working in the recommendations of several XML security standards. Between them, we emphasize in the XML-Signature Syntax and Processing, which allows the insertion and information processing of authentication and digital signature. Once the XML security standards have been approved as recommendations, the following step will be to include them completely or just certain parts in future or new versions of the DTD\u27s or existing Schemas, but at present many DTD’s exists that do not consider these security components within their definition. This is the case of the NewsML DTD, standard for the press news electronic interchange. The XML security standards are characterized by high flexibility and extensibility, because of that it is necessary to make an exhaustive study of the domain where it is intended to be applied and define a specific application upon the domain DTD or Schema. What we propose in this paper is a way to include information of authentication and digital signature in the NewsML DTD. In order to indicate a possible application, we carry on a joint study of XML-Signature Syntax and Processing and NewsML, analysing in what elements and how authentication and digital signature might be included

Distributed Access Control for Web and Business Processes

Middleware influenced the research community in developing a number of systems for controlling access to distributed resources. Nowadays a new paradigm for the lightweight integration of business resources from different partners is starting to take hold – Web Services and Business Processes for Web Services. Security and access control policies for Web Services protocols and distributed systems are well studied and almost standardized, but there is not yet a comprehensive proposal for an access control architecture for business processes. So, it is worth looking at the available approaches to distributed authorization as a starting point for a better understanding of what they already have and what they still need to address the security challenges for business processes

Security for Grid Services

Grid computing is concerned with the sharing and coordinated use of diverse resources in distributed "virtual organizations." The dynamic and multi-institutional nature of these environments introduces challenging security issues that demand new technical approaches. In particular, one must deal with diverse local mechanisms, support dynamic creation of services, and enable dynamic creation of trust domains. We describe how these issues are addressed in two generations of the Globus Toolkit. First, we review the Globus Toolkit version 2 (GT2) approach; then, we describe new approaches developed to support the Globus Toolkit version 3 (GT3) implementation of the Open Grid Services Architecture, an initiative that is recasting Grid concepts within a service oriented framework based on Web services. GT3's security implementation uses Web services security mechanisms for credential exchange and other purposes, and introduces a tight least-privilege model that avoids the need for any privileged network service.Comment: 10 pages; 4 figure

A Model-Based Approach for the Management of Electronic Invoices

The globalized market pushes companies to expand their business boundaries to a whole new level. In order to efficiently support this environment, business transactions must be executed over the Internet. However, there are several factors complicating this process, such as the current state of electronic invoices. Electronic invoice adoption is not widespread because of the current format fragmentation originated by national regulations. In this paper we present an approach based on Model-Driven Engineering techniques and abstractions for supporting the core functions of invoice management systems. We compare our solution with the traditional implementations and try to analyze the advantages MDE can bring to this specific domain

Integration of BPM systems

New technologies have emerged to support the global economy where for instance suppliers, manufactures and retailers are working together in order to minimise the cost and maximise efficiency. One of the technologies that has become a buzz word for many businesses is business process management or BPM. A business process comprises activities and tasks, the resources required to perform each task, and the business rules linking these activities and tasks. The tasks may be performed by human and/or machine actors. Workflow provides a way of describing the order of execution and the dependent relationships between the constituting activities of short or long running processes. Workflow allows businesses to capture not only the information but also the processes that transform the information - the process asset (Koulopoulos, T. M., 1995). Applications which involve automated, human-centric and collaborative processes across organisations are inherently different from one organisation to another. Even within the same organisation but over time, applications are adapted as ongoing change to the business processes is seen as the norm in today’s dynamic business environment. The major difference lies in the specifics of business processes which are changing rapidly in order to match the way in which businesses operate. In this chapter we introduce and discuss Business Process Management (BPM) with a focus on the integration of heterogeneous BPM systems across multiple organisations. We identify the problems and the main challenges not only with regards to technologies but also in the social and cultural context. We also discuss the issues that have arisen in our bid to find the solutions

Intelligent XML Tag Classification Techniques for XML Encryption Improvement

Flexibility, friendliness, and adaptability have been key components to use XML to exchange information across different networks providing the needed common syntax for various messaging systems. However excess usage of XML as a communication medium shed the light on security standards used to protect exchanged messages achieving data confidentiality and privacy. This research presents a novel approach to secure XML messages being used in various systems with efficiency providing high security measures and high performance. system model is based on two major modules, the first to classify XML messages and define which parts of the messages to be secured assigning an importance level for each tag presented in XML message and then using XML encryption standard proposed earlier by W3C [3] to perform a partial encryption on selected parts defined in classification stage. As a result, study aims to improve both the performance of XML encryption process and bulk message handling to achieve data cleansing efficiently

A multi-INT semantic reasoning framework for intelligence analysis support

Lockheed Martin Corp. has funded research to generate a framework and methodology for developing semantic reasoning applications to support the discipline oflntelligence Analysis. This chapter outlines that framework, discusses how it may be used to advance the information sharing and integrated analytic needs of the Intelligence Community, and suggests a system I software architecture for such applications

An Architecture for Information Commerce Systems

The increasing use of the Internet in business and commerce has created a number of new business opportunities and the need for supporting models and platforms. One of these opportunities is information commerce (i-commerce), a special case of ecommerce focused on the purchase and sale of information as a commodity. In this paper we present an architecture for i-commerce systems using OPELIX (Open Personalized Electronic Information Commerce System) [11] as an example. OPELIX provides an open information commerce platform that enables enterprises to produce, sell, deliver, and manage information products and related services over the Internet. We focus on the notion of information marketplace, a virtual location that enables i-commerce, describe the business and domain model for an information marketplace, and discuss the role of intermediaries in this environment. The domain model is used as the basis for the software architecture of the OPELIX system. We discuss the characteristics of the OPELIX architecture and compare our approach to related work in the field