Abstract

Protecting (authorizing) access to individual web services has been explored in many research efforts. The focus of such research is to ensure that authorized users with appropriate credentials are able to access resources under controlled and authorized security. However, integrating and/or composing such services, e.g. through workflow environments in collaborative environments, remains an open challenge. A key issue is to ensure the security requirements of each individual service and hence their service provider, whilst still allowing them to be used as part of a workflow execution - potentially by users with diverse security credentials. The aim of this research is to provide a security-oriented workflow framework that supports such secure workflow enactment. The framework supports a variety of security evaluation mechanisms using diverse security credential aggregation mechanisms leveraging centralized and decentralized security with push/pull of security information as required. We describe the core components of this framework and how they can be used to support security-oriented workflow enactment.