
Department of Computer Science and Engineering (CSE)

UNIT – III

Business Processes

University Institute of Engineering (UIE)



Objectives

• To understand how business processes relate to web services.
• To recognize specific Web services and XML attack patterns.
• To recognize the benefits of using static analysis in web services.
• To recognize the key security issues in SOA and web services.


Business Processes

• A business process or business method is a collection of related, structured activities or tasks that produce a specific service or product (serve a particular goal) for a particular customer or customers.


WS – AC Model


WS – AC Identity Attribute Negotiation

• Most organizations require the verification of personal information before providing services, and the privacy of such information is of growing concern.
• The authors show how federated identity management systems can better protect users' information when integrated with trust negotiation.


WS – AC Identity Attribute Negotiation working


WS – AC Parameter Negotiation

• In some software the access rules are based not only on the user's role but also on the specific entity that role was granted on, for example "Project Manager can add users to HIS PROJECT ONLY", "Store Agent can access Store Information for HIS STORE ONLY", or "Document Owner can modify HIS DOCUMENTS". This is called Parameter Negotiation.


Parameter Negotiation based on four elements


• subject
• resource
• action
• environment


Key components of Parameter Negotiation

• Permission Evaluator
• Context Aware Policy Enforcement
• Policy Enforcement

• Policy Definition
• Policy Rule
• Security Access Context


Access Rules for Parameter Negotiation

• Admin can do all


• PM can add new issues to his project only
• Tester can add bugs (and only bugs) to his project

• Users can complete issues assigned to them
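
The four access rules above, written as a small context-aware permission evaluator. This is an added illustration, not code from the slides or the cited books. The class names, role strings, the "task"/"bug" issue types and the `is_allowed` function are assumptions; the slide's rules do not use the environment element, so it is accepted but unused.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Subject:
    name: str
    role: str                       # "admin", "pm", "tester" or "user"
    project: Optional[str] = None   # entity the role was granted on

@dataclass(frozen=True)
class Resource:
    kind: str                       # issue type: "task" or "bug" (assumed)
    project: str
    assignee: Optional[str] = None

def own_project(s, r, env):
    return s.project is not None and s.project == r.project

def assigned_to_subject(s, r, env):
    return r.assignee is not None and r.assignee == s.name

# Policy rules: (role, action, allowed issue kinds, context condition).
# None means "any". One entry per rule on the slide.
POLICY = [
    ("admin", None, None, lambda s, r, env: True),    # Admin can do all
    ("pm", "add", None, own_project),                 # issues, own project only
    ("tester", "add", {"bug"}, own_project),          # bugs only, own project
    ("user", "complete", None, assigned_to_subject),  # issues assigned to them
]

def is_allowed(subject, action, resource, env=None):
    """Permission evaluator: deny unless some rule matches completely."""
    env = env or {}   # environment element; unused by the four slide rules
    for role, act, kinds, condition in POLICY:
        if role != subject.role:
            continue
        if act is not None and act != action:
            continue
        if kinds is not None and resource.kind not in kinds:
            continue
        if condition(subject, resource, env):
            return True
    return False

# Constructed sample data, not from the slides.
PM = Subject("alice", "pm", project="alpha")
TESTER = Subject("bob", "tester", project="alpha")
USER = Subject("carol", "user")
ADMIN = Subject("root", "admin")
```

Because the evaluator returns False when no rule matches, a role check alone never grants access: the PM's "add" is refused on a project other than the one the role was granted on.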


OUTCOMES

• WS – AC Model

• WS – AC Identity Attribute Negotiation

• WS – AC Parameter Negotiation


FAQS

• How do business processes work with web services?
• What is WS-Federation?
• Describe the characteristics of business processes.


REFERENCES

• Elisa Bertino, Lorenzo D. Martino, Federica Paci, Anna C. Squicciarini, Security for Web Services and Service Oriented Architectures, Springer Science (2009).
• Mark O'Neill, Web Services Security, 2011.
• David Whitney, Professional Web Services Security, revised edition, Wrox Press, December 2010.
• Bertino, E., Martino, L., Paci, F., Squicciarini, A., Security for Web Services and Service-Oriented Architectures, 2010, XII, 218 p.
