Christian Emig

Development of SOA-Based Software Systems - an Evolutionary Programming Approach

A software application has strong relationships with the business processes it supports. In the analysis phase those parts of the processes in which the software system is applied by its future users are analyzed. Taking an object-oriented approach, the Unified Modeling Language (UML) is often used to model the relevant aspects of the business processes. In the design phase these models must be manually mapped to the business layer of the software application. The Service-Oriented Architecture (SOA) offers a promising new approach: The business process is described in a programming language [1], i.e. a process language which can be automatically mapped to an execution language and executed by a process engine. This article shows how Programming in the Large can be practically applied in a software engineering process. The Business Process Model Notation (BPMN) is used as a process programming language. A BPMN description can be mapped to the widely accepted Business Process Execution Language (BPEL).

An Access Control Metamodel for Web Service-Oriented Architecture

With the mutual consent to use WSDL (Web Service Description Language) to describe web service interfaces and SOAP as the basic communication protocol, the cornerstone for web service-oriented architecture (WSOA) has been established. Considering the momentum observable by the growing number of specifications in the web service domain for the indispensable cross-cutting concern of identity management (IdM) it is still an open issue how a WSOA-aware IdM architecture is built and how it is linked with WSOAs main elements, the web services providing functional core concerns. In this paper we present an access control model for WSOA and a blueprint of a WSOA- aware authorization verification service which is part of the IdM architecture. We show the integration of this service with WSOA consisting of both basic and composite web services. Our solution has been tested and evaluated in an implementation case study.

SOA-Aware Authorization Control

The question how to handle authorization of digital identities in a service-oriented architecture (SOA) remains an open issue. In this paper we present a design pattern for the integration of legacy systems with SOA using out-of-the-box (unmodified) application servers and discuss how the architecture has to be extended by an Identity Management (IdM) infrastructure. We claim that the IdM infrastructure itself must be designed in a service-oriented way to fit into the overall SOA approach. We introduce a possibility how to decouple the policy enforcement point from the application server and propose an architectural design pattern to seamlessly integrate the SOAs business-related functionality and the IdM infrastructure. An implementation case study illustrates how to apply the invocation pattern for secured web services.

Integration of a Security Product in Service-Oriented Architecture

The future of enterprise software development lies in the use of a service-oriented architecture (SOA) to support business concerns. Business services are using security services offered by service-oriented security architectures for security support. The question re¬mains how to implement the security services using traditional security products and how to map security policies defined at service level to product-specific po¬licies. In this paper we present an approach for inte¬grating existing security products into service-oriented security architectures. We show how traditional se¬curity products can be adapted to fit into the overall service-oriented paradigm. We present a case study that applies our approach.

An MDA-Based Environment for Generating Access Control Policies

Identity management and access control are essential in the enterprise IT landscape in order to control access to applications and to fulfil laws or regulations. The global competition of enterprises leads to short development cycles and fast changes of IT applications, which requires also an error-free and quick adaption of its security. The model-driven development of access control policies promises to cope with this situation. This work introduces an mda-based environment for generating access control policies. A comprehensive overview is given on the organisational aspects, describing details of roles, artefacts and tools involved. On this basis the four phases of a model-driven development process for access control policies and their organisational aspects are presented.

Semantic Integration of Identity Data Repositories

With the continuously growing number of distributed and heterogeneous IT systems there is the need for structured and efficient identity management (IdM) processes. This implies that new users are created once and then the information is distributed to all applicable software systems same as if changes on existing user objects occur. The central issue is that there is no generally accepted standard for handling this information distribution because each system has its own internal representation of this data. Our approach is to give a semantic definition of the digital user objects’ attributes to ease the mapping process of an abstract user object to the concrete instantiation of each software system. Therefore we created an ontology to define the mapping of users’ attributes as well as an architecture which enables the semantic integration of identity data repositories. Our solution has been tested in an implementation case study.