Patrick C. K. Hung

WS-Negotiation: an overview of research issues

A Web service is defined as an autonomous unit of application logic that provides either some business functionality or information to other applications through an Internet connection. Web services are based on a set of XML standards such as Simple Object Access Protocol (SOAP), Universal Description, Discovery and Integration (UDDI) and Web Services Description Language (WSDL). In particular, Web services discovery is the process of finding most appropriate Web services providers needed by a Web services requestor. One of the important issues in the discovery process is for Web services providers and Web services requestors to negotiate and find a solution that is acceptable to both sides. Thus, a more sophisticated business model with negotiation feature is required for this challenging research area. As there are increasing demands for negotiation technologies in the context of Web services, this paper proposes an independent declarative XML language called WS-Negotiation for Web services providers and requestors. In general, WS-Negotiation contains three parts: negotiation message, which describes the format for messages exchanged among negotiation parties, negotiation protocol, which describes the mechanism and rules that negotiation parties should follow, and negotiation decision making, which is an internal and private decision process based on a cost-benefit model or other strategies. This paper also presents a service level agreement (SLA) template model with different domain specific vocabularies for supporting different types of business negotiations in WS-Negotiation.

Developing e-Negotiation support with a meta-modeling approach in a web services environment

Motivated by frequently repeated activities of negotiating similar sales contracts and inadequate studies of business-to-business (B2B) negotiation processes, we formulate a meta-model of e-Negotiation based on a practical meta-model for e-Contract template and template variables to allow flexible support for a variety of negotiation processes. Based on our meta-models, we develop an effective implementation framework with contemporary Web services technology. We illustrate our methodology with three typical kinds of sales e-Negotiation processes, namely, bargaining, auction, and request for proposals (RFPs). As a result, B2B, business-to-customer (B2C), or even customer-to-customer (C2C) negotiation can be systematically supported in a unified pragmatic framework for both human and programmatic access.

Developing workflow-based information integration (WII) with exception support in a Web services environment

Assembling a coherent view of distributed heterogeneous information and information processing resources is a challenging and important process for inter-organizational collaboration and service provision. We refer to this process as information integration. However, traditional information integration approaches do not consider human intervention and exceptions, such as obtaining access approvals from service providers. Therefore, we propose a workflow-based approach to address this problem. This is particularly suitable in a loosely coupled and autonomous Web services environment. In this paper, we propose an implementation framework of workflow-based information integration (WII) comprise four layers, namely, application layer, workflow layer, service layer, and message layer. In particular, our paper focuses on the workflow layer from the aspects of control-flows, data-flows and exception-flows by using the business process execution language for Web services (BPEL4WS), extended with our proposed data-integration and exception-handling assertions. Each service provider provides Web services at the service layer and BPEL4WS orchestrates them together in order to achieve workflow-based information integration plans. The message layer comprises SOAP message specifications. We map information into SOAP messages and link the proposed exception-handling assertions in BPEL4WS to SOAP-fault implementations. Lastly, we demonstrate the feasibility of our approach with a practical health administrative information integration case study at the application layer and examine some typical use cases of exceptions.

Security enforcement in activity management systems

Security enforcement is an issue of paramount importance for any system that facilitates computer supported cooperative work. An activity management system is a software that facilitates specification and decomposition, and execution of activities. An activity is a set of coordinated tasks (atomic activities). The focus of this paper is on supporting security in activity management systems. In particular, we present an architecture, and describe the mechanisms that need to be incorporated for enforcing security for activity specification and decomposition, and during activity execution. This paper provides a task-centered approach towards security enforcement, wherein, the security constraints are checked and the task is allowed to be executed only if none of the security constraints are violated. This is handled by the event-condition-action rule paradigm from active database systems.

Web metadata standards: observations and prescriptions

The World Wide Web has spawned numerous standards initiatives that aim to facilitate more powerful and interoperable functionality based on text exchange, but beyond mere Web page transfers. Software can take a Web pages data as input to further value-added processing, such as filtering items of interest, comparison shopping, finding potential business partners, and executing transactions. But software can do this only if the pages meaning is formalized and explicit. We review various Web content metadata standards and offer observations on their development efforts. Were motivated both by the sheer number of standards and a concern that in our haste to advance these standards and their promised functionality, we might overlook key lessons learned in various disciplines, including software engineering, software reuse, and library science. We call particular attention to the apparent confluence of standards development and artificial intelligence, which raises additional possibilities and concerns.

A study of least privilege in CapBasED-AMS

Workflow systems are becoming very popular and are being used to support many of the day to day activities in large organizations. One of the major problems with workflow systems is that they often use heterogeneous and distributed hardware and software systems to execute a given activity. This gives rise to decentralized security policies and mechanisms, which, in order to enable activity execution, give too many privileges to agents (humans or systems) for executing the work. We develop the concept of least privilege, wherein the set of agents are given just enough privileges to complete the given activities. We develop our concepts in the context of CapBasED-AMS (Capability-based and Event-driven Activity Management System). CapBasED-AMS deals with the management and execution of activities. An activity consists of multiple inter-dependent tasks (atomic activities, each executed by a single agent) that need to be coordinated, scheduled and executed by a set of agents. We formalize the concept of least privilege and present algorithms to statically assign least privilege assignment to the agents. We develop the concept of dynamic least privilege enforcement, wherein an agent is given its privileges only during the duration of the task for which those privileges were assigned. Finally, we introduce a metric, security risk factor and use it to evaluate the trade-off between least privilege and resilience to agent failure.

Constraint-based negotiation in a multi-agent information system with multiple platform support

Agent technologies have been deployed to model and implement e-commerce activities as multi-agent information systems (MAIS). Agents provide services to one another for mutual gain on behalf of their users. This paper presents an MAIS infrastructure based on belief-desire-in tension (BDI) agent architecture, constraint technology, and contemporary Web services to facilitate negotiation support. Further, the MAIS infrastructure also supports customizable degree of agent delegation for users on different platforms, with or without agent support. We present a constraint-based negotiation protocol extended for a MAIS environment and detail the required adaptations on different platforms from a three-tier implementation architecture aspect.

Algorithms for automated negotiations and their applications in information privacy

Automated negotiations have been an active research topic for many years. Most of the research work on this area focuses either on the abstract and theoretical models or on the system architectures for standalone negotiation applications. There is little work on identifying and studying practical algorithms for automated negotiations. In this paper, two algorithms have been proposed and their innovative applications have been discussed. The first algorithm guarantees that negotiation results are Pareto optimal solutions. The second algorithm guarantees that an agreement can be agreed upon after a certain number of proposal/counterproposal exchanges. These two algorithms can be used in the two-phase model for the automated negotiation process. In addition to these algorithms, their applications in information privacy negotiation have been described. In the information privacy management domain for service industries, it is critical for service requestors to only reveal the absolute necessary private information to the service providers. Traditionally, service requestors usually give whatever private information service providers have asked for. The grave consequence is that service providers may misuse the private information provided by service requestors, even though the service providers may have promised not to reveal it. Algorithms described in this paper can facilitate the privacy negotiation process. In order to show the concept of negotiation in information privacy, credit card information has been used to illustrate the application of algorithms.

LEAST PRIVILEGE SECURITY IN CAPBASED-AMS

Workflow systems are becoming very popular and are being used to support many of the day to day activities in large organizations. One of the major problems with workflow systems is that they often use heterogeneous and distributed hardware and software systems to execute a given activity. This gives rise to decentralized security policies and mechanisms, which, in order to enable activity execution, give too many privileges (for accessing resources like documents) to the agents (humans or systems) for executing the work. We develop the concept of least priviledge, wherein the set of agents are given just enough privileges to complete the given activities. We develop our concepts in the context of CapBasED-AMS (Capability-based and Event-driven Activity Management System). The CapBasED-AMS deals with the management and execution of activities. An activity consists of multiple inter-dependent tasks (atomic activities, each executed by a single agent) that need to be coordinated, scheduled and executed by a set of agents. We formalize the concept of least privilege security and present algorithms to statically assign least privilege assignment to the agents. Further, we develop the concept of dynamic least privilege enforcement, wherein an agent is given its privileges only during the duration of the task for which those privileges were assigned. We also develop the concept of dynamic evolution of least privileges by taking into consideration the changes in the way resources are accessed by the agents in executing their tasks. Finally, we address the trade-off between resilience to agent failure and least privilege.

From conflict of interest to separation of duties in WS-policy for Web services matchmaking process

A Web service is defined as an autonomous unit of application logic that provides either some business functionality or information to other applications through an Internet connection. Web services are based on a set of XML standards such as simple object access protocol (SOAP), universal description discovery and integration (UDDI) and Web services description language (WSDL). Web services architectures are built on an insecure, unmonitored and shared environment, which is open to events such as security threats. Security concerns are the major barrier that prevents many business organizations from implementing or employing Web services. Based on the previous research in conflict of interest (CIR), this paper further introduces another important security concept called separation of duties (SoD) for Web services matchmaking process (WSMP). Next, this paper discusses the relationships between CIR and SoD in the context of matchmaking process. The paper then extends these two concepts into specifying and implementing CIR and SoD assertions in the newly developed WS-policy. WS-policy is an XML representation that provides a grammar for expressing Web services policies, to allow service locators to have a common interpretation of security requirements in the matchmaking process. Further, this paper presents a matchmaking algorithm for maximizing the level of SoD. Lastly, this paper also describes a prototype framework with CIRService and SoDService services for supporting CIR and SoD assertions in matchmaking process.