A secure web service : Specification on how to implement a secure Web service in a health care environment

Bill, Andreas, Persson, Robert

January 2005

<p>Background: With Web service growing popularity more and more companies chose to apply Web service in their organisation. With the rising usage of the concept the demands rise with it. For companies that deal with vulnerable information for example hospitals, there needs to be strong security measures taken.</p><p>Purpose: The aim of the report is to examine different security functions that can help developers to secure Web service applications. The report will be written so that organisations such as health care organisation can get insight on how to use a secure Web services in their line of work.</p><p>Method: One of the main methods used in this report is a qualitative hermeneutic way of thinking. The research process will apply Wallace’s model. The theoretical study is achieved with research on the subject through literature studies and published articles. Interviews that are used to gain knowledge are structured as quality orientated science surveys with semistandardised questions.</p><p>Conclusions: We believe the time has come for hospitals to investigate if Web service can help their organization. In case they choose to use Web services, we advise them to follow Web service Security’s recommendations to produce a web service that is adapted to their security needs.</p>

Web service

Security

XML

SOAP

UDDI

WSDL

Web service security

XML signature and XML encryption

SAML

Informatics

Informatik

A secure web service : Specification on how to implement a secure Web service in a health care environment

Bill, Andreas, Persson, Robert

January 2005

Background: With Web service growing popularity more and more companies chose to apply Web service in their organisation. With the rising usage of the concept the demands rise with it. For companies that deal with vulnerable information for example hospitals, there needs to be strong security measures taken. Purpose: The aim of the report is to examine different security functions that can help developers to secure Web service applications. The report will be written so that organisations such as health care organisation can get insight on how to use a secure Web services in their line of work. Method: One of the main methods used in this report is a qualitative hermeneutic way of thinking. The research process will apply Wallace’s model. The theoretical study is achieved with research on the subject through literature studies and published articles. Interviews that are used to gain knowledge are structured as quality orientated science surveys with semistandardised questions. Conclusions: We believe the time has come for hospitals to investigate if Web service can help their organization. In case they choose to use Web services, we advise them to follow Web service Security’s recommendations to produce a web service that is adapted to their security needs.

Web service

Security

XML

SOAP

UDDI

WSDL

Web service security

XML signature and XML encryption

SAML

Information Systems

Gouvernance et supervision décentralisée des chorégraphies inter-organisationnelles / Decentralized Monitoring of Cross-Organizational Service Choreographies

Baouab, Aymen

27 June 2013

Durant la dernière décennie, les architectures orientées services (SOA) d'une part et la gestion des processus business (BPM) d'autre part ont beaucoup évolué et semblent maintenant en train de converger vers un but commun qui est de permettre à des organisations complètement hétérogènes de partager de manière flexible leurs ressources dans le but d'atteindre des objectifs communs, et ce, à travers des schémas de collaboration avancée. Ces derniers permettent de spécifier l'interconnexion des processus métier de différentes organisations. La nature dynamique et la complexité de ces processus posent des défis majeurs quant à leur bonne exécution. Certes, les langages de description de chorégraphie aident à réduire cette complexité en fournissant des moyens pour décrire des systèmes complexes à un niveau abstrait. Toutefois, rien ne garantit que des situations erronées ne se produisent pas suite, par exemple, à des interactions "mal" spécifiées ou encore des comportements malhonnêtes d'un des partenaires. Dans ce manuscrit, nous proposons une approche décentralisée qui permet la supervision de chorégraphies au moment de leur exécution et la détection instantanée de violations de séquences d'interaction. Nous définissons un modèle de propagation hiérarchique pour l'échange de notifications externes entre les partenaires. Notre approche permet une génération optimisée de requêtes de supervision dans un environnement événementiel, et ce, d'une façon automatique et à partir de tout modèle de chorégraphie / Cross-organizational service-based processes are increasingly adopted by different companies when they can not achieve goals on their own. The dynamic nature of these processes poses various challenges to their successful execution. In order to guarantee that all involved partners are informed about errors that may happen in the collaboration, it is necessary to monitor the execution process by continuously observing and checking message exchanges during runtime. This allows a global process tracking and evaluation of process metrics. Complex event processing can address this concern by analyzing and evaluating message exchange events, to the aim of checking if the actual behavior of the interacting entities effectively adheres to the modeled business constraints. In this thesis, we present an approach for decentralized monitoring of cross-organizational choreographies. We define a hierarchical propagation model for exchanging external notifications between the collaborating parties. We also propose a runtime event-based approach to deal with the problem of monitoring conformance of interaction sequences. Our approach allows for an automatic and optimized generation of rules. After parsing the choreography graph into a hierarchy of canonical blocks, tagging each event by its block ascendancy, an optimized set of monitoring queries is generated. We evaluate the concepts based on a scenario showing how much the number of queries can be significantly reduced

SOA

Chorégraphie inter-organisationelle

Services web

CEP

BPM

Processus métier

SOA

Cross organizational choreography

Web service Security

Monitoring

Complex Event Processing (CEP)

BPM

658.503

004.67