Embed Size (px)
Citation preview
Laboratoire d'InfoRmatique en Image et Systèmes d'informationhttp://liris.cnrs.fr
UMR 5205
1 July 2010
2010
Selecting Web Services for Choreography Implementation: Compatibility Checking
Approach with Access Control
Emad Elabd , Emmanuel Coquery, Mohand-Said Hacid
Seke- 1-3 July, 2010
Agenda:
Web Services and Web Services Choreography
Business Protocol
Compatibility
Business Protocols for Choreography
BP Product Automata
Using ontology
The verification process
Complexity analysis
Related works
Conclusion and future work
Seke- 1-3 July, 2010 2
Web Services
3Seke- 1-3 July, 2010
``A Web service is a software application or component that can be accessed over the internet using a platform/language-neutral data interchange format to invoke the service and supply the response, using a rigorously defined message exchange pattern, and producing a result that is sufficiently well-defined to be processed by a software application. ’’
Web service characteristics:
Interactions: XML message
exchange
Protocols: SOAP, HTTP
Service Registry
Service Provider
Service Requestor
Service description
Web Service
Service-oriented architectures (SOA).
Web Services cont.
4
Structural Behavioural
Tools:WSDLTools:WSDLTools: BPEL, WSCI, BPMN,
etc.
Tools: BPEL, WSCI, BPMN,
etc.
Seke- 1-3 July, 2010
Service Description
Operations, data schemas, binding
information and I/O messages format
Operations, data schemas, binding
information and I/O messages format
Order of messages exchange(Business
protocols)
Order of messages exchange(Business
protocols)
Web Services & Choreography
Seke- 1-3 July, 2010 5
WA2
WAn
WA3
WA1
WA4
WEB
Web Services
Designer
.
.
.
Collects
Implements
Complex process Selected Web services
Described by
Verification
Process choreography
Can implement process or not
Informal definition: Possible message exchange sequences supported by the service.Informal definition: Possible message exchange sequences supported by the service.
6
Business Protocol
Formal definition :An explicitly time business protocol is a tuple P = (S; s0; T; F) which consists of the following elements:
– S is a finite set of states.– s0 S, is the initial state.∈– T S⊆ 2xM x{+,-} , is a finite set of explicit transition.– This protocol is deterministic.– All states in the automata are accessible and co-accessible.– F S is a set of final states. If F = { } then P is said to be an empty ⊆ ∅protocol.
Formal definition :An explicitly time business protocol is a tuple P = (S; s0; T; F) which consists of the following elements:
– S is a finite set of states.– s0 S, is the initial state.∈– T S⊆ 2xM x{+,-} , is a finite set of explicit transition.– This protocol is deterministic.– All states in the automata are accessible and co-accessible.– F S is a set of final states. If F = { } then P is said to be an empty ⊆ ∅protocol.
Seke- 1-3 July, 2010
7
Business Protocol cont.
a(-) d(+) e(+)S0 S1 S2 S4
S4
start Logged searching answeredansweredLogin(+) search(+)
search(+)
answer(-)
business protocol of a search engine.
p1
p2
State transition protocol of a search engine.
Seke- 1-3 July, 2010
Compatibility
Seke- 1-3 July, 2010 8
Service Consumer
Business Protocol
Business Protocol
specifyspecifyDescribed by Described by
Service Provider
Compatibles?
interactions messagesmessages
Compatibility
Seke- 1-3 July, 2010 9
Informal definition. we say that P1 and P2 are compatible using their
if:
• All the messages get out from the service can be received
from the consumer and vice versa with respecting the
annotated constraints ( time and ACP).
• There are no life or dead lock( accessibility and co-
accessibility)
Informal definition. we say that P1 and P2 are compatible using their
if:
• All the messages get out from the service can be received
from the consumer and vice versa with respecting the
annotated constraints ( time and ACP).
• There are no life or dead lock( accessibility and co-
accessibility)
Compatibility ex.
10
b(+)
a(+) d(-)
a(-) d(+)
c(-)
a�
d
BP1
BP2
Two BP their product automata.
S0 S5S5
S2
S1
S’0 S’1
(S0,S’0) (S1,S’1)
S’5S’5
(S5,S’5)(S5,S’5)
BP1 × BP2
S3S4
e(+) f(-)
S’3 S’4
e(-) f(+)
(S3,S’3) (S4,S’4)e�
f
p1
p2
P1 X P2
Seke- 1-3 July, 2010
Incompatible ex.
11
b(-)
a(+) d(-)
a(-) d(+)
c(+)
a�
d
BP1
BP2
The two protocols are incompatible
S0 S5S5
S2
S1
S’0 S’1
(S0,S’0) (S1,S’1)
S’5S’5
(S5,S’5)(S5,S’5)
BP1 × BP2
S3S4
e(+) f(-)
S’3 S’4
e(-) f(+)
(S3,S’3) (S4,S’4)e�
f
Seke- 1-3 July, 2010
Web Services: Access control
12
Development of suitable access control models
Traditional access control models are not satisfactory :
Conversational nature of Web services.
Web service as a set of dependent operations.
Approaches to avoid situations where the client cannot progress in the conversation due to the lack
of required security requirements.
Research directions in access control. (
Development of new access control models (e.g, NIST Standard RBAC model WS-AC1, and
conversation-based Web services access control model by Massimo M. et al.
Development of policy languages for access control( XACML , WS-Policy and finally to
Semantic Web based languages such as Rei and KAoS.
Seke- 1-3 July, 2010
Compatibility with AC:
Seke- 1-3 July, 2010 13
- For login: professor credential or student card-For accessing journal papers: professor credential-For access conference papers: professor credential or student card
Business protocol of the web service (P1) and a consumer (P2) without assigning the ACP.
start Logged
ReceivedJournalReq JournalPapersJournalPapers
Login(+)getJournalReq(+)
conferPapersconferPapers
getconferenceReq(+)
ReceivedconfReq
getJournalRes(-)
getconfRes(-)
start Logged SentRequest GetJournalPaperGetJournalPaperLogin(-)
getJournalReq(-)getJournalRes(-)
P1
P2
Compatibility with AC cont.:
Seke- 1-3 July, 2010 14
Business protocol of the web service (P1) and a consumer (P2) after assigning the ACP.
start Logged
ReceivedJournalReq JournalPapersJournalPapers
Login(+),Prof orStudent
getJournalReq(+),Prof
conferPapersconferPapersgetconferenceReq(+) Prof orStudent
ReceivedconfReq
getJournalRes(-)
getconfRes(-)
start Logged SentRequest GetJournalPaperGetJournalPaperLogin(-)
,Student
getJournalReq(-)getJournalRes(-)
P1
P2
Compatibility with AC cont.:
15
M3(-)M1(-),C M2(+) M4(+)S0 S1
S2 S3 S4S4
C:is a credential or a set of credentials.M : refers to the message
P1
M3(+,C)M1(+) M2(-) M4(+)S’0 S’1
S’2 S’3 S’4S’4
P2
M3(-),CM1(-),C M2(+) M4(+)S0 S1
S2 S3 S4S4
P1 with cumulative ACP
M3(+,C)M1(+) M2(-) M4(+)S’0 S’1
S’2 S’3 S’4S’4
P2
Cumulative Access control policy
Seke- 1-3 July, 2010
Compatibility with AC cont.:
16
M7(-), zxor yz
M1(-),x M3(+) M8(+)S0 S1 S2 S3 S4
S4
S5 S6 S7
P1
M2(-)M4(+) M5(-),y
M6(+)
M7(+), zxor yz
M1(+) M3(-) M8(-)S0 S1 S2 S3 S4
S4
S5 S6 S7
M2(+)M4(-) M5(+)
M6(-)
M7(+),xzM1(+) M3(-) M8(-)S0 S1 S2 S3 S4
S4
S5 S6 S7
M2(+)M4(-) M5(+)
M6(-)
P2
P3
Policy Compatible
Compatible? Answer :No
Seke- 1-3 July, 2010
Compatibility with AC cont.:
17
M7(-), zxor yz
M1(-),x M3(+) M8(+)S0 S1 S2 S3 S4
S4
S5 S6 S7
P1
M2(+)M4(+) M5(-),y
M6(+)
M7(+), zxM1(+) M3(-) M8(-)S0 S1 S2 S3 S4
S4
P2
Are the two protocol compatibles?• by applying the rule of the previous example it seems NO. because in M7 in p2 the policy will not satisfied by the set of credentials of M7 in p1.• But they are compatible.
•Some paths will not be taken during the interaction.•Compare the credentials and policy after determining the paths of interaction between the two protocols(product automata)
Policy
Seke- 1-3 July, 2010
Access Control Policy cont.:
18
b(-)
a(+), (c1) d(-),c2
a(-), c1 d(+)
c(+)
, P11 =c1, c1
2 =c1
, P22 =0, c2
1 =c2a� d
BP1
BP2
Two BP assigned with access control policy and their product automata.•P1
1 policy of protocol BP1 in transition 1•C1
2 set credentials of protocol BP2 in transition 1
S0 S5S5
S2
S1
S’0 S’1
(S0,S’0) (S1,S’1)
S’5S’5
(S5,S’5)(S5,S’5)
BP1 × BP2
S3S4
e(+) f(-)
S’3 S’4
e(-) f(+),c2,c3
(S3,S’3) (S4,S’4)
e� f
P42 =c2c3, c4
1 =0
P31 =0, c3
2 =0
Example of incompatibility
C41 =c2C3
2 =c1C21 =c2C1
2 =c1
Seke- 1-3 July, 2010
Web Service Choreography
19
•Web service choreography relates to describing externally observable interactions between web services•Choreography == Multi-party Collaboration
(Seller, Broker, SubmitArticleSpec, AritclesubmitReq, ACP=true, C=true)
(Broker, Seller, QuoteUpdate,QuoteUpdateReq, ACP=true, C=true)
(Seller, Broker, QuoteUpdate,QuoteUpdateRes, ACP=true, C=true)
START((Buyer, start),(Seller, start),(Broker,start),(CreditAgency,start)))
ARTICLE SPECIFIATION SUBMIT ((Buyer, start),(Seller,
Sent_Req),(Broker,Rec_Req),(CreditAgency,start)))
QUOTE UPDATING REQUEST-KS ((Buyer, start),(Seller,
Rec_QU),(Broker,Sent_QU),(CreditAgency,start)))
QUOTE UPDATING RESPONSE-SK((Buyer, start),(Seller,
Sent_QU),(Broker,Rec_QU),(CreditAgency,start)))
(Broker, Seller, QuoteUpdate,QuoteUpdateReq, ACP=true, C=true)
Partners
Sender
Reciever
Operation
Message
ACP
Credentials
Seke- 1-3 July, 2010
Business Protocols for Choreography
20
AritcleQuoteRequest(-),
Broker PayementOrder(-) ,LCL Master Card,
Broker
AritcleQuoteResponse(+),
Broker
QuoteUpdateReq(-),Broker
Getarticle(+),Broker
ArticleAccessed
ArticleDenied
Cancel(+),Broker
Start
AritcleQuoteRequest(+),
buyerPayementOrder(+) ,Credit Card, buyer
AritcleQuoteResponse(-),
buyer
ArticleAccessed(-),buyer
ArticleDenied
Cancel(-) ,buyer
BUYER
SELLER
AritclesubmitReq(-),
Broker
PayementOrder(+),Visa
Card, Broker
AritcleSubmitRes(+),
Broker
Cancel(+),Broker
Start
QuoteUpdateRes(+),,Broker
QuoteUpdateReq(+),buyer
QuoteUpdateRes(-) ,buyer
QuoteUpdateReq(+),Broker
QuoteUpdateRes(-),Broker
BROKER
AritclesubmitReq(+) ,seller
StartAritcleSubmitRes(-),
seller
QuoteUpdateReq(-) ,Seller
QuoteUpdateRes(+),Seller
CreditCheckReq(-),CreditAgency
PayementOrder(-),Visa Card,
Seller
Cancel(+),Seller
ArticleSent(+),Seller
CreditCheckReq(-),
CreditAgency
Accept(-) ,CreditAge
ncy
Failure(+),CreditAgency
Failure(+),CreditAgency
cancel(+),Broker
ArticleSent(-),Broker
Accept(-) ,CreditAgency
CREDITAGENCY
CreditCheckReq(+),(Seller,Boker)
Accept(-),(Seller,Boker)
Failure(-),(Seller,Boker)
Start
Seke- 1-3 July, 2010
Product Automata
21
((Buyer, start),(Seller, start),(Broker,start),(CreditAgency,
start)))
ARTICLE SPECIFIA
TION SUBMIT
(Seller, Broker, SubmitArticleSpec, AritclesubmitReq, ACP=true, C=true) Quote
Updating Request-
KS
(Broker, Seller, QuoteUpdate,QuoteUpdateReq, ACP=true, C=true)
…..
Payement Request-
Ks
Payement Check-Sc
(Seller, CreditAgency, checking credit, CreditCheckReq, ACP=Visa
Card, C=BNP Visa Card)
Payement failure-CS
Payement Success-Cs
(CreditAgency, Seller, checking credit, Failure, ACP=true, C=true)
(CreditAgency, Seller, checking credit, Sucess,
ACP=true, C=true)
…Article
recieved
Article Submit
(Broker, Buyer , SubmitArticle, Aritclesubmitorder, ACP=true,
C=true)
Seke- 1-3 July, 2010
Access control policy ontology
22
start Logged
ReceivedJournalReq
JournalPapersJournalPapers
Login(+),Prof or
Student card
getJournalReq(+),Prof
conferPapersconferPapers
getconferenceReq(+)Prof orStudent
ReceivedconfReq
getJournalRes(-)
getconfRes(-)
start Logged SentRequest GetconfPaperGetconfPaperLogin(-) ,school Student getconferenceReq(-)
getconfRes(-)
P1
P2
Card
Student card Professor card
University cardSchool card
Isa Isa
IsaIsa
Ontology
Seke- 1-3 July, 2010
The verification process
23
1.Select the Web services and get its business protocols assigned with the ACP and
credentials.
2.Create the product automata between these protocols.
3. Calculate the cumulative ACC on the product automata (as defined on definition 4).
4.Check the compatibility in terms of ACP between these protocols (as defined on
definition 6) using algorithm 1 for calculating and checking the ACP on the product
automata.
5. If the business protocols are compatible in terms of message exchange and ACP and the
product automata presents the same behavior as the choreography then the set of
services which have these business protocols can implement this choreography.
Otherwise, this choreography cannot be implemented by these ser-vices.
Seke- 1-3 July, 2010
Complexity analysis
24
Complexity analysis: Let T1 and T2 be the number of transitions of the
two protocols P1 and P2 respectively,
-The construction of the product automata will take (T1 xT1).
-The calculation of the cumulative credentials will take number of
states in the product automata (S1 x S2) multiplied by the size of the
longest non looping path multiplied by (S1 S2) (i.e cumulative
credentials takes(S1 x S2)3)
-As a result, the complexity for the algorithm will be ((T1 xT1) + (S1
S2)3).
Complexity analysis: Let T1 and T2 be the number of transitions of the
two protocols P1 and P2 respectively,
-The construction of the product automata will take (T1 xT1).
-The calculation of the cumulative credentials will take number of
states in the product automata (S1 x S2) multiplied by the size of the
longest non looping path multiplied by (S1 S2) (i.e cumulative
credentials takes(S1 x S2)3)
-As a result, the complexity for the algorithm will be ((T1 xT1) + (S1
S2)3).
Seke- 1-3 July, 2010
Conclusion and future work
High-level analysis of business protocols used in the web service after
explicitly assigning ACP on it .
• Cumulative access control Policy
• Compatibility analysis
Propose a verification approach to verify the behaviors specified by
processes choreographies and the selected web services for implementing
these choreographies.
In our work, using ontology of ACP is important in determining the
relation between the compared policies and credentials . This comparison
is needed in checking the compatibility and replaceability.
25Seke- 1-3 July, 2010
Conclusion and future work
For future work
• Generalization approach works with most of message specification
attributes (XMLSchema, Access Control Policy, Privacy, Meaning,
Response Time, Credentials).
• Applying our analysis on multi-clock time automata where each
transition has its own clock.
• automatically build adapters allowing set of services to work
together even though they are not directly compatible
• Another extension is to use these tools for web service composition
26Seke- 1-3 July, 2010
