Spyridon Papastergiou

A Federated Privacy-Enhancing Identity Management System (FPE-IMS)

Privacy and identity management should not been treated as generic problems providing generic solutions and architectures. A systematic approach is required against the problems of conducting identity management effortlessly, conveniently and smoothly solving interoperability problems that impede the communication and creation of unified infrastructures and produce an interoperable solution for identity management. This paper aims to contribute towards the proposal of a federated privacy-enhancing identity management system providing all the main tools and services in order address the major privacy requirements, required for the achievement of privacy aware e/m-transactions. This system can be embedded to each reconfigurable framework, enhancing privacy issues on existing web services based platforms, which delivers privacy-aware e/m-organizational services.

Innovative, Secure and Interoperable E/M-Governmental Invoicing

Research into initiatives worldwide shows that although some of the legal and organizational barriers for the adoption of new technologies in e/m-government have been lifted, there are still not many implementations of actual e/m-government services that have been designed based on a common and systematic approach. The most prevailing requirements for e/m-government services, interoperability and security, pose major challenges to e/m-government architects and it is now being slowly understood that Web Services in combination with PKIs may provide the necessary solutions. In this context, this paper presents an innovative e/m-government service based on these technologies, focusing basically on their security and interoperability aspects. The goal of the paper is to demonstrate the services specifications and use cases so that it may act as example for further research and development.

A Secure Mobile Framework for m-Services

Public key infrastructures (PKIs) is recommended as the most appropriate solutions for achieving secure mobile services. This paper identifies the need for security in mobile communications and investigates the use of lightweight protocols such as the XML Key Management (XKMS) protocol for accessing PKI services. Finally it presents a secure mobile framework based on XML and Web Services-technologies and standards that adopts these protocols.

STORM: collaborative security management environment

Security Management is a necessary process in order to obtain an accurate security policy for Information and Communication Systems (ICS). Organizations spend a lot of money and time to implement their security policy. Existing risk assessment, business continuity and security management tools are unable to meet the growing needs of the current, distributed, complex IS and their critical data and services. Identifying these weaknesses and exploiting advanced open-source technologies and interactive software tools, we propose a secure, collaborative environment (STORM) for the security management of ICSs.

A Secure e-Ordering Web Service

The electronic order (e-Ordering) service as an e-business process allows the true business-to-business secure collaboration by giving the opportunity to salesmen and purchasers to execute trustful processes of electronic trading opening new markets. The W3C working draft “Web Service Architecture (WSA) Requirements” and a set of EU Directives impose several security and privacy requirements that the e-Ordering implementations have to satisfy in order to achieve a secure transaction. This paper presents a set of these requirements and describes an e-ordering system (TOES) that address them based on extensible Markup Language (XML), XML Cryptography, Public Key Infrastructure (PKI), Web Services Policy Language (WSPL) and Web Services. The proposed e-Ordering service TOES is open, secure, interoperable, and affordable respecting the EU legislation.

Design principles of secure federated e/m-government framework

The implementation of large-scale enterprise frameworks for providing advanced e/m-government services necessitates the clear specification, the address, and maintenance of core fundamental design principles, strategies and guidelines. These will accelerate and assure the catch of common goals and benefits such as, to increase intrinsic interoperability, federation, vendor diversification options, business and technology domain alignment, organisational agility, and reduce IT burden. This paper proposes a synchronous e/m-government SOA framework, giving constant emphasis on how and where fundamental design principles are applied with the ultimate goal of producing high quality, secure and interoperable governmental, added-value services.

Interoperability testing for e-government web services

The provision of Web Service-based services in many areas of the digital world such as the e-Government still involves addressing interoperability of these services. Several testing methodologies that evaluate the interoperability of the services indicate the need for a machine-readable representation of the test cases allowing the automation of the test process. Existing languages for representing test cases demonstrate specific weaknesses. This paper identifies these weaknesses and proposes a sequence of steps for the definition of test cases and a XML representation of them based on the XML Requirement and Test language (XRT).

A holistic anonymity framework for web services

Security and Interoperability has been considered as the main requirements for e/m-business services. Technologies such as XML-security and WS-security were acknowledged as the most appropriate solutions to meet these requirements and Service Oriented Architectures (SOAs), the most appropriate framework design. Anonymity has become lately an additional requirement for various e/m-business services (e.g. e/m-ordering, e/m-ticketing) enabling the execution of unlikable, untraceable and unobservable interactions and enhancing the privacy of these services This paper proposes a holistic SOA meeting the security, interoperability and anonymity requirements.

A Testing Process for Interoperability and Conformance of Secure Web Services

The design, development and implementation of electronic (e-) services relying on XML and Web Service (WS)-based technologies is the current trend in achieving interoperability. Eservices can be offered either as autonomous Web Services or embedded in Service Oriented Architectures (SOAs) (High et al., 2005). In this context, despite the fact that applications with similar business goals adopt the same technical standards, quite often their interactions capabilities are extremely limited. Thus, application developers show an increasing concern for evaluating interoperability between common services which are offered either autonomously or through a SOA. The creation of a proper framework (EIF) has a significant importance in the evaluation of interoperability of such services and is accomplished by the precise definition of the applied standards and guidelines which guarantee the interaction of the services. Existing testing methodologies developed by various organizations (e.g ISO/IEC 9646, ESTI) treat the interoperability of services as a generic problem. They merely provide guidelines and describe high level testing procedures that can be applied to test interoperability of various telecommunication as well as software and data communication systems. Most Web Service-oriented methodologies (i.e. WS-I, ebXML IIC framework) demonstrate weaknesses as they are not capable of testing all the required aspects that compose an interoperability framework and mostly the security aspects of the message content. Additionally, in literature, specific testing types (Saglietti et al., 2008) have been presented defining diverse testing approaches that treat the applications under test either as white boxes having full knowledge of the software or as black boxes without any understanding of their internal behaviour or even as grey boxes with limited knowledge of their internal architecture. The nature the WSs (e.g. geographic distribution of the examined WSs and dependencies with external trusted third parties) plays an important role in the adoption of the most appropriate testing type as they raise specific challenges that should be underlined and taken into account. Therefore, there is a specific need for targeted methodologies and frameworks that check and guarantee the end-to-end application interaction capabilities of common Web Services and follow and deploy the most appropriate testing strategies covering all WSs aspects. Identifying this need, this paper proposes a well-formed grey box testing methodology 35

SWEB: An Advanced Mobile Residence Certificate Service

The design and development of an enhanced network infrastructure in combination with the adoption of new technologies, standards and architectural styles for the design, development and implementation of new platforms can give a significant push to the deployment of advanced mobile services in the area of public administration. In this context, we present an innovative m-government platform that provides an advanced mobile Residence Certificate service. The proposed platform is an interoperable, affordable, secure and scalable solution that addresses a set of crucial requirements such as security, user friendliness, interoperability, accessibility and scalability.