Exploring a framework for advanced electronic business transactions

With the emergence of service-oriented computing technology, companies embrace new ways of carrying out business transactions electronically. Since the parties involved in an electronic business transaction (eBT) manage a heterogeneous information-systems infrastructure within their organizational domains, the collaboration complexity is considerable and safeguarding an interorganizational collaboration with an eBT is difficult, but of high significance. This paper describes a conceptual framework that pays attention to the complexities of an eBT and its differentiating characteristics that go further than traditional database transactions. Since the eBT is a framework that comprises separate levels, pre-existing transaction concepts are explored for populating the respective levels. To show the feasibility of the described eBT framework, industry initiatives that are aspiring to become business-transaction standards, are checked for eBT compatible characteristics. Since realizing an eBT framework raises many tricky issues, the paper maps out important research areas that require scientific attention. Essentially, it is required to investigate how the business semantics influences the nature of an eBT throughout its lifecycle.Peer reviewe

An Interoperable Access Control System based on Self-Sovereign Identities

The extreme growth of the World Wide Web in the last decade together with recent scandals related to theft or abusive use of personal information have left users unsatisfied withtheir digital identity providers and concerned about their online privacy. Self-SovereignIdentity (SSI) is a new identity management paradigm which gives back control over personal information to its rightful owner - the individual. However, adoption of SSI on theWeb is complicated by the high overhead costs for the service providers due to the lackinginteroperability of the various emerging SSI solutions. In this work, we propose an AccessControl System based on Self-Sovereign Identities with a semantically modelled AccessControl Logic. Our system relies on the Web Access Control authorization rules usedin the Solid project and extends them to additionally express requirements on VerifiableCredentials, i.e., digital credentials adhering to a standardized data model. Moreover,the system achieves interoperability across multiple DID Methods and types of VerifiableCredentials allowing for incremental extensibility of the supported SSI technologies bydesign. A Proof-of-Concept prototype is implemented and its performance as well as multiple system design choices are evaluated: The End-to-End latency of the authorizationprocess takes between 2-5 seconds depending on the used DID Methods and can theoretically be further optimized to 1.5-3 seconds. Evaluating the potential interoperabilityachieved by the system shows that multiple DID Methods and different types of VerifiableCredentials can be supported. Lastly, multiple approaches for modelling required Verifiable Credentials are compared and the suitability of the SHACL language for describingthe RDF graphs represented by the required Linked Data credentials is shown

Formal Verification of Security Protocol Implementations: A Survey

Automated formal verification of security protocols has been mostly focused on analyzing high-level abstract models which, however, are significantly different from real protocol implementations written in programming languages. Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations. This paper surveys these attempts, focusing on approaches that target the application code that implements protocol logic, rather than the libraries that implement cryptography. According to these approaches, libraries are assumed to correctly implement some models. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic. The two main approaches of model extraction and code generation are presented, along with the main techniques adopted for each approac

QoS-Aware Middleware for Web Services Composition

The paradigmatic shift from a Web of manual interactions to a Web of programmatic interactions driven by Web services is creating unprecedented opportunities for the formation of online Business-to-Business (B2B) collaborations. In particular, the creation of value-added services by composition of existing ones is gaining a significant momentum. Since many available Web services provide overlapping or identical functionality, albeit with different Quality of Service (QoS), a choice needs to be made to determine which services are to participate in a given composite service. This paper presents a middleware platform which addresses the issue of selecting Web services for the purpose of their composition in a way that maximizes user satisfaction expressed as utility functions over QoS attributes, while satisfying the constraints set by the user and by the structure of the composite service. Two selection approaches are described and compared: one based on local (task-level) selection of services and the other based on global allocation of tasks to services using integer programming

SISO Space Reference FOM - Tools and Testing

The Simulation Interoperability Standards Organization (SISO) Space Reference Federation Object Model (SpaceFOM) version 1.0 is nearing completion. Earlier papers have described the use of the High Level Architecture (HLA) in Space simulation as well as technical aspects of the SpaceFOM. This paper takes a look at different SpaceFOM tools and how they were used during the development and testing of the standard.The first organizations to develop SpaceFOM-compliant federates for SpaceFOM development and testing were NASA's Johnson Space Center (JSC), the University of Calabria (UNICAL), and Pitch Technologies.JSC is one of NASA's lead centers for human space flight. Much of the core distributed simulation technology development, specifically associated with the SpaceFOM, is done by the NASA Exploration Systems Simulations (NExSyS) team. One of NASA's principal simulation development tools is the Trick Simulation Environment. NASA's NExSyS team has been modifying and using Trick and TrickHLA to help develop and test the SpaceFOM.The System Modeling And Simulation Hub Laboratory (SMASH-Lab) at UNICAL has developed the Simulation Exploration Experience (SEE) HLA Starter kit, that has been used by most SEE teams involved in the distributed simulation of a Moon base. It is particularly useful for the development of federates that are compatible with the SpaceFOM. The HLA Starter Kit is a Java based tool that provides a well-structured framework to simplify the formulation, generation, and execution of SpaceFOM-compliant federates.Pitch Technologies, a company specializing in distributed simulation, is utilizing a number of their existing HLA tools to support development and testing of the SpaceFOM. In addition to the existing tools, Pitch has developed a few SpaceFOM specific federates: Space Master for managing the initialization, execution and pacing of any SpaceFOM federation; EarthEnvironment, a simple Root Reference Publisher; and Space Monitor, a graphical tool for monitoring reference frames and physical entities.Early testing of the SpaceFOM was carried out in the SEE university outreach program, initiated in SISO. Students were given a subset of the FOM, that was later extended. Sample federates were developed and frameworks were developed or adapted to the early FOM versions.As drafts of the standard matured, testing was performed using federates from government, industry, and academia. By mixing federates developed by different teams the standard could be tested with respect to functional correctness, robustness and clarity.These frameworks and federates have been useful when testing and verifying the design of the standard. In addition to this, they have since formed a starting point for developing SpaceFOM-compliant federations in several projects, for example for NASA, ESA as well as SEE