Medical Virtual Public Services

The healthcare enterprises are very disconnected. This paper intends to propose a solution that will provide citizens, businesses and medical enterprises with improved access to medical virtual public services. Referred medical services are based on existing national medical Web services and which support medically required services provided by physicians and supplementary health care practitioners, laboratory services and diagnostic procedures, clinics and hospitals’ services. Requirements and specific rules of these medical services are considered, and personalization of user preferences will to be supported. The architecture is based on adaptable process management technologies, allowing for virtual services which are dynamically combined from existing national medical services. In this way, a comprehensive workflow process is set up, allowing for service-level agreements, an audit trail and explanation of the process to the end user. The process engine operates on top of a virtual repository, providing a high-level semantic view of information retrieved from heterogeneous information sources, such as national sources of medical services. The system relies on a security framework to ensure all high-level security requirements are met. System’s architecture is business oriented: it focuses on Service Oriented Architecture - SOA concepts, asynchronously combining Web services, Business Process Management – BPM rules and BPEL standards.Business Process Management, Service Oriented Architecture, Application Integration, Web services, information technologies, virtual repository, database.

Enhancement of Web Security Against External Attack

The security of web-based services is currently playing a vital role for the software industry. In recent years, many technologies and standards have emerged in order to handle the security issues related to web services. This paper shows techniques to enhance the security of web services, and some of the recent challenges and recommendations of a proposed model to secure web services. It shows the security process of a real life web application, which includes; HTML5 forms, login security, and a single signon solution. This paper also aim to discuss the ten (10) most common web security vulnerabilities and how to prevent the web application from three (3) of the vulnerabilities. Amongst them are; SQL Injection, Cross Site Scripting and Broken Authentication, and Session Management

The Conceptual Design and Implementing Web Services Security Framework for Ministry of Information and Communication Technology in Thailand

This research aims to present a Web Services Security Framework for Ministry of Information and Communication Technology (MICT) in Thailand as referred to international standard BS7799 on information security management. With a pilot development of web services which based on e-government, the researcher used Ministry of Information and Communication Technology as a case study. In order to understand the developmental pilot, it’s crucial to realize particularly in web services security and to determine proposed or existing system. Finally, it can be as standard guideline for Thai public organization for developing web services security framework

Advanced eGovernment Information Service Bus (eGov-Bus)

The eGov-Bus project provides citizens and businesses with improved access to virtual public services, which are based on existing national eGovernment Web services and which support cross-border life events. Requirements and specific rules of these life events are considered, and personalization of user preferences is supported. eGov-Bus is based on adaptable process management technologies, allowing for virtual services which are dynamically combined from existing national eGovernment services. In this way, a comprehensive workflow process is set up, allowing for service-level agreements, an audit trail and explanation of the process to the end user. The eGov-Bus process engine operates on top of a virtual repository, providing a high-level semantic view of information retrieved from heterogeneous information sources, such as eGovernment Web services. Further, eGov-Bus relies on a security framework to ensure all high-level security requirements are met. The eGov-Bus architecture is business oriented, it focuses on Service Oriented Architecture (SOA) concepts, asynchronously combining Web services and providing a Service Bus.Frameworks and Guidelines, eGovernment Ontologies, Admininistrative Process Design, Life Events, Web Services, Service Bus Integration

E-commerce Systems and E-shop Web Sites Security

Fruitfulnes of contemporary companies rests on new business model development, elimination of communication obstacles, simplification of industrial processes, possibilities of responding in real-time and above all meeting the floating custom needs. Quite a number of company activities and transactions are realized within the framework of e-business. Business transactions are supported by e-commerce systems. One of the e-commerce system part is web interface (web sites). Present trend is putting the accent on security. E-commerce system security and web sites security is the most overlooked aspect of securing data. E-commerce system security depends on technologies and its correct exploitation and proceedings. If we want e-commerce system and e-shops web sites with all services to be safety, it is necessary to know all possible risks, use up to date technologies, follow conventions of web sites development and have good security management system. The article deals with definition and description of risk areas refer to e-commerce systems and e-shop web sites and show fundamental principles of e-commerce systems and e-shop web sites security.E-commerce system, e-shop web sites, security, security proceedings, web technologies

Business integration models in the context of web services.

E-commerce development and applications have been bringing the Internet to business and marketing and reforming our current business styles and processes. The rapid development of the Web, in particular, the introduction of the semantic web and web service technologies, enables business processes, modeling and management to enter an entirely new stage. Traditional web based business data and transactions can now be analyzed, extracted and modeled to discover new business rules and to form new business strategies, let alone mining the business data in order to classify customers or products. In this paper, we investigate and analyze the business integration models in the context of web services using a micro-payment system because a micro-payment system is considered to be a service intensive activity, where many payment tasks involve different forms of services, such as payment method selection for buyers, security support software, product price comparison, etc. We will use the micro-payment case to discuss and illustrate how the web services approaches support and transform the business process and integration model.

XIPS : a model-based prevention mechanism for preventing blind XPath injection in database-centric web services environment.

Web services have become a powerful interface for backend database systems which provides many services such as automatic purchasing, inventory tracking and clinical management. However, along the benefit of Web services, comes a serious risk of security breaches. Most Web services are deployed with security flaws and these vulnerabilities expose them to XPath (XML Path Language) injection. This kind of attack can cause serious damage to the database at the back end of Web services. This paper proposes XIPS, a prevention mechanism against Blind XPath injection attacks within Web services environment. The prevention mechanism employs the model-based approach to detect malicious queries and thwart them before they are executed on the Web services back end database. This approach uses run time monitoring to check on the dynamically-generated queries and compares them against the statistically-built model. The employment of the XIPS architecture should be able to prevent Web services from any kinds of XPath injection attacks