Identity Attribute-Based Role Provisioning for Human WS-BPEL Processes
Abstract
The WS-BPEL specification focuses on business processes the activities of which are assumed to be interactions with Web services. However, WS-BPEL processes go beyond the orchestration of activities exposed as Web services. There are cases in which people must be considered as additional participants to the execution of a process. The inclusion of humans, in turn, requires solutionsto support the specification and enforcement of authorizations to users for the execution of human activities while enforcing authorization constraints.In this paper, we extend RBAC-WS-BPEL, a role-based authorization framework for WS-BPEL processes with an identity attribute-based role provisioning approach that preserves the privacy of the users who claim the execution of human activities. Such approach is based on the notion of identity records and role provisioning policies, and uses Pedersen commitments, aggregated zero knowledge proof of knowledge, andOblivious Commitment-Based Envelope protocols to achieve privacy of user identity information.
Keywords
role, access control, privacy, identity attributes
Date of this Version
2009
Comments
ICWS '09 Proceedings of the 2009 IEEE International Conference on Web Services