TY - JOUR
T1 - The integration of corporate security strategies in collaborative business processes
AU - Badr, Youakim
AU - Biennier, Frédérique
AU - Tata, Samir
N1 - Funding Information:
This work is a part of the project SemEUsE funded by the French National Research Agency (ANR-France) under the 2007 TechLog018 grant.
PY - 2011
Y1 - 2011
N2 - In response to increasing economical constraints, enterprise organization has evolved toward new structures such as networked enterprise, supply chains, virtual enterprise, or collaborative business organizations. This structural organization requires the interoperability of business processes (BPs)and information systems. Dealing with interoperability often leads to the deployment of Service-Oriented Architecture (SOA) based on Enterprise Service Bus (ESB) to design agile collaborative BPs and publish and compose new services. In order to protect each partner's own interests, security strategies must be developed and integrated in the service environment. Unfortunately, traditional security approaches deal with security concerns from a technical perspective (i.e., data transmission or authentication, etc.) and do not support end-to-end security in a distributed environment of business services and collaborative processes. In this paper, we attempt to improve end-to-end security by annotating service descriptions with security objectives used to generate convenient quality of protection (QoP) agreements between partners. Conversely, agreements are processed by a dedicated matching module with respect to security requirements and preferences to select business services, and then, compose their appropriate technical security services.
AB - In response to increasing economical constraints, enterprise organization has evolved toward new structures such as networked enterprise, supply chains, virtual enterprise, or collaborative business organizations. This structural organization requires the interoperability of business processes (BPs)and information systems. Dealing with interoperability often leads to the deployment of Service-Oriented Architecture (SOA) based on Enterprise Service Bus (ESB) to design agile collaborative BPs and publish and compose new services. In order to protect each partner's own interests, security strategies must be developed and integrated in the service environment. Unfortunately, traditional security approaches deal with security concerns from a technical perspective (i.e., data transmission or authentication, etc.) and do not support end-to-end security in a distributed environment of business services and collaborative processes. In this paper, we attempt to improve end-to-end security by annotating service descriptions with security objectives used to generate convenient quality of protection (QoP) agreements between partners. Conversely, agreements are processed by a dedicated matching module with respect to security requirements and preferences to select business services, and then, compose their appropriate technical security services.
UR - http://www.scopus.com/inward/record.url?scp=81455143669&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=81455143669&partnerID=8YFLogxK
U2 - 10.1109/TSC.2010.18
DO - 10.1109/TSC.2010.18
M3 - Article
AN - SCOPUS:81455143669
SN - 1939-1374
VL - 4
SP - 243
EP - 254
JO - IEEE Transactions on Services Computing
JF - IEEE Transactions on Services Computing
IS - 3
ER -