Methods for Efficient and Accurate Discovery of Services

With an increasing number of services developed and offered in an enterprise setting or the Web, users can hardly verify their requirements manually in order to find appropriate services. In this thesis, we develop a method to discover semantically described services. We exploit comprehensive service and request descriptions such that a wide variety of use cases can be supported. In our discovery method, we compute the matchmaking decision by employing an efficient model checking technique

Extended role-based access control model for enterprise systems and web services

This thesis intends to develop application-level access control models to address several major security issues in enterprise environments. The first goal is to provide simple and efficient authorization specifications to reduce the complexity of security management. The second goal is to provide dynamic access control for Web service applications. The third goal is to provide an access control framework for Semantic Web services. In this thesis, an Authorization-Function-Based Role-based Access Control (FB-RBAC) model is proposed for controlling enterprise systems at the application level. The unique features of the proposed model are authorization-function-based access control and constraint-based finegrained access control. This model significantly simplifies the management of an access control system by adopting roles and authorization-functions in authorization specifications. An extension of FB-RBAC, Extended FB-RBAC (ERBAC), is applied to Web service applications. New features such as credential-based access control and dynamic role assignment are added to FB-RBAC in order to address user heterogeneity and dynamicity in the Web environment. The proposed ERBAC model is then extended to support Semantic Web services. Each component of the ERBAC model is described by security ontologies. These correlated security ontologies are integrated with Semantic Web services to form a complete ontology network. Ontology-based role assignment is facilitated so that security information can be queries and discovered through a network of ontologies

A.: Ontology based specification of Web service policies

Abstract: An ever-growing number of XML-based languages are used to describe Web Service related issues such as security (WS-Security Policy), access control (XAC-ML), or privacy (P3P-WS). While it is desirable to specify policies in a declarative way, these languages expose great diversity in both syntax and semantics making it hard to realize a unified system. Our contribution to this problem is twofold. First, we present an expressive formal notation for policies. Second, we show how requester-, provider-, and third-party policies can be used for choosing a suitable service while making sure that all relevant policies are obeyed.