Personal tools



Jump to: navigation, search

PhD thesis

Title Arquitetura para execução segura de workflows de eGovernment dinâmicos
Author Fábio Marques
School Universidade de Aveiro
Month June
Year 2013
Advisor André Zúquete, Gonçalo Paiva Dias
Group (before 2015) Information Systems and Telematics Laboratory

The integration of services from the citizens and businesses perspective and the need ensure some characteristics of the Public Administration as versatility and competitiveness puts some constraints on the design of architectures for service integration. To be able to integrate services in order to ensure the mutability of the Public Administration the creation of dynamic workflows is required. However, the creation of dynamic workflows raises some concerns in terms of security, particularly in relation to the privacy of results produced during the execution of the workflow and in relation to the application of control policies in workflow participation by many of the workflow executioners.

We present a set of principles and rules (architecture) that enable the creation and execution of dynamic workflows providing a security model that allows to solve the security issues mentioned before. The architecture combines the composition of services to construct complex services to which may be inherent a dynamic workflow. The architecture also uses a paradigm of standard messages exchange among service providers involved in a dynamic workflow. The proposed security model is closely linked to all the messages defined in the architecture.

Within the scope of this work several architectures and/or platform for service integration were identified and analyzed. The analysis aimed to identify the architectures that create dynamic workflows, and of these, those which use privacy mechanisms for the results and participation control by the executioners of these workflows.

The service integration architecture that we present is versatile, scalable, allows the provision of services between competing service providers and creates dynamic workflows. The architecture allows workflow participants to decide about their participation, decide on the participation of third parties (to whom they delegate services) and to whom the results are delivered. The participants are accredited by the certification authorities recognized by the other participants. The credentials provided by the certification authorities are the starting point for the application of the security policies within the architecture.

To validate the proposed architecture several use cases that exemplify the need to build dynamic workflows to address complex services (not provided in full by a single entity) were identified. These use cases were implemented in a prototype developed for this purpose. This experiment showed that the architecture is suitable to provide these services using dynamic workflows and that during the execution the security mechanisms are suited to control their participation, the involvement of third parties and the privacy of the results produced.

This dissertation is available here (in Portuguese):