1,101 research outputs found
Toward Semantics-aware Representation of Digital Business Processes
An extended enterprise (EE) can be described by a set of models, each representing a specific aspect of the EE. Aspects can, for example, be the process flow or the value description. However, different models are done by different people, who may use different terminology, which prevents relating the models. Therefore, we propose a framework consisting of process flow and value aspects and, in addition, a static domain model with structural and relational components. Further, we outline the usage of the static domain model to enable relating the different aspects
My private cloud--granting federated access to cloud resources
We describe the research undertaken in the six-month JISC/EPSRC funded My Private Cloud project, in which we built a demonstration cloud file storage service that allows users to log in to it by using their existing credentials from a configured trusted identity provider. Once authenticated, users are shown a set of accounts that they are the owners of, based on their identity attributes. Once users open one of their accounts, they can upload and download files to it. Not only that, but they can then grant access to their file resources to anyone else in the federated system, regardless of whether their chosen delegate has used the cloud service before or not. The system uses standard identity management protocols, attribute based access controls, and a delegation service. A set of APIs have been defined for the authentication, authorisation and delegation processes, and the software has been released as open source to the community. A public demonstration of the system is available online
Exploring Predicate Based Access Control for Cloud Workflow Systems
Authentication and authorization are the two crucial functions of any modern security and access control mechanism. Authorization for controlling access to resources is a dynamic characteristic of a workflow system which is based on true business dynamics and access policies. Allowing or denying a user to gain access to a resource is the cornerstone for successful implementation of security and controlling paradigms. Role based and attribute based access control are the existing mechanisms widely used. As per these schemes, any user with a given role or attribute respectively is granted applicable privileges to access a resource. There is a third approach known as predicate based access control which is less explored. We intend to throw light on this as it provides more fine-grained control over resources besides being able to complement existing approaches. In this paper we proposed a predicate-based access control mechanism that caters to the needs of cloud-based workflow systems
Policy and Contract Management for Semantic Web Services
The University of Edinburgh and research sponsors are authorised to reproduce and distribute reprints and on-line copies for their purposes notwithstanding any copyright annotation hereon. The views and conclusions contained herein are the author's and shouldn't be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of other parties. This paper summarizes our efforts to develop capabilities for policy and contract management for Semantic Web Services applications. KAoS services and tools allow for the specification, management, analysis, disclosure and enforcement of policies represented in OWL. We discuss three current Semantic Web Services applications as examples of the kinds of roles that a policy management framework can play: as an authorization service in grid computing environments, as a distributed policy specification and enforcement capability for a semantic matchmaker, and as a verification tool for services composition and contract management
EMI Security Architecture
This document describes the various architectures of the three middlewares that comprise the EMI software stack. It also outlines the common efforts in the security area that allow interoperability between these middlewares. The assessment of the EMI Security presented in this document was performed internally by members of the Security Area of the EMI project
Architecture for Provenance Systems
This document covers the logical and process architectures of provenance systems. The logical architecture identifies key roles and their interactions, whereas the process architecture discusses distribution and security. A fundamental aspect of our presentation is its technology-independent nature, which makes it reusable: the principles that are exposed in this document may be applied to different technologies
A pluggable service platform architecture for e-commerce
In the beginning of the e-commerce era, retailers mostly adopted vertically integrated solutions to control the entire e-commerce value chain. However, they began to realize that to achieve agility, a better approach would be to focus on certain core capabilities and then create a partner ecosystem around them. From a technical point of view, this means it is advised to have a lightweight platform architecture with small core e-commerce functionality which can be extended by additional services from third party providers. In a typical e-commerce ecosystem with diverse information systems of network partners, integration and interoperability become critical factors to enable seamless coordination among the partners. Furthermore, an increasing adoption of cloud computing technology could be observed, resulting in more challenging integration scenarios involving cloud services. Thus, an e-commerce platform is required that suits the advanced needs for flexible and agile service integration. Therefore, this paper aims to present a reference architecture of a novel pluggable service platform for e-commerce. We investigate currently available online shop platform solutions and integration platforms in the market. Based on the findings and motivated by literature on service-oriented design, we develop an architecture of a service-based pluggable platform for online retailers. This design is then instantiated by means of a prototype for an e-commerce returns handling scenario to demonstrate the feasibility of our architecture design