Quality of service (QoS) can be a critical element for achieving the business goals of a service provider, for the acceptance of a service by the user, or for guaranteeing service characteristics in a composition of services, where a service is defined as either a software or a software-support (i.e., infrastructural) service which is available on any type of network or electronic channel. The goal of this article is to compare the approaches to QoS description in the literature, where several models and metamodels are included. consider a large spectrum of models and metamodels to describe service quality, ranging from ontological approaches to define quality measures, metrics, and dimensions, to metamodels enabling the specification of quality-based service requirements and capabilities as well as of SLAs (Service-Level Agreements) and SLA templates for service provisioning. Our survey is performed by inspecting the characteristics of the available approaches to reveal which are the consolidated ones and which are the ones specific to given aspects and to analyze where the need for further research and investigation lies. The approaches here illustrated have been selected based on a systematic review of conference proceedings and journals spanning various research areas in computer science and engineering, including: distributed, information, and telecommunication systems, networks and security, and service-oriented and grid computing.

/pdf/a-survey-on-service-quality-description-45tlign22h.pdf

A survey on service quality description

Proceedings of the 5th international conference on Parallel and Distributed Computing: applications and Technologies

In this paper, we propose an Internet of Things (IoT) virtualization framework to support connected objects sensor event processing and reasoning by providing a semantic overlay of underlying IoT cloud. The framework uses the sensor-as-aservice notion to expose IoT cloud's connected objects functional aspects in the form of web services. The framework uses an adapter oriented approach to address the issue of connectivity with various types of sensor nodes. We employ semantic enhanced access polices to ensure that only authorized parties can access the IoT framework services, which result in enhancing overall security of the proposed framework. Furthermore, the use of event-driven service oriented architecture (e-SOA) paradigm assists the framework to leverage the monitoring process by dynamically sensing and responding to different connected objects sensor events. We present our design principles, implementations, and demonstrate the development of IoT application with reasoning capability by using a green school motorcycle (GSMC) case study. Our exploration shows that amalgamation of e-SOA, semantic web technologies and virtualization paves the way to address the connectivity, security and monitoring issues of IoT domain.

SenaaS: An event-driven sensor virtualization approach for Internet of Things cloud

Attribute-based access control (ABAC) is a promising alternative to traditional models of access control (i.e., discretionary access control (DAC), mandatory access control (MAC), and role-based access control (RBAC)) that is drawing attention in both recent academic literature and industry application. However, formalization of a foundational model of ABAC and large scale adoption is still in its infancy. The relatively recent emergence of ABAC still leaves a number of problems unexplored. Issues like delegation, administration, auditability, scalability, hierarchical representations, and the like, have been largely ignored or left to future work. This article provides a basic introduction to ABAC and a comprehensive review of recent research efforts toward developing formal models of ABAC. A taxonomy of ABAC research is presented and used to categorize and evaluate surveyed articles. Open problems are identified based on the shortcomings of the reviewed works and potential solutions discussed.

Current Research and Open Problems in Attribute-Based Access Control

Model-driven business process security requirement specification

Web service is a new service-oriented computing paradigm which poses the unique security challenges due to its inherent heterogeneity, multi-domain characteristic and highly dynamic nature. A key challenge in Web services security is the design of effective access control schemes. However, most current access control systems base authorization decisions on subject?s identity. Administrative scalability and control granularity are serious problems in those systems, and they are not fit for Web services environment. So an attribute-based access control model (WS-ABAC) is presented to address these issues in this paper. WS-ABAC grants access to services based on attributes of the related entities, and uses automated trust negotiation mechanism to address the disclosure issue of the sensitive attributes. It can provide administratively scalable alternative to identity-based authorization methods and provide fine-grained access control for Web services. Moreover, it also can protect user?s privacy.

An Attribute-Based Access Control Model for Web Services

A key challenge in Web services security is the design of effective access control schemes that can adequately meet the unique security challenges posed by the Web services paradigm. Despite the recent advances in Web based access control approaches applicable to Web services, there remain issues that impede the development of effective access control models for Web services environment. Amongst them are the lacks of context-aware models for access control, and do not deal with composite Web service. In this paper, we present a context-aware role-based access control model (CGRBAC) to addresses these issues. The proposed approach introduces global roles which are used in the mapping to local roles of other services providers. We outline the configuration mechanism needed to apply our model to the Web services environment

https://www2.computer.org/portal/web/csdl/doi/10.1109/ICEBE.2005.1

A context-aware role-based access control model for Web services

Analyzes weightily WS-Federation based cross-domain single sign-on authentication for Web Services,and discusses its security issues.

Analysis of Cross-domain SSO Authentication for Web Services

The secure interaction between two or more administrative domains is a major concern. IRBAC2000 is a model that quickly establishes a flexible policy for dynamic role translation from foreign domains to local. A-IRBAC2000 mode utilizes RBAC to manage dynamic role translation between foreign and local domains. We will see that these mechanisms have significant shortcomings. We propose an improved administrative usage control model named AUCON to overcome the weakness of previous models. AUCON provides administrates user-role assignment for local and foreign domain with unified method. It provides flexible enough mechanism to distinguish users of foreign and local domain and can enforce more strict control for foreign user. While retaining the advantage of traditional RBAC model, AUCON model is being implemented in experiment system

Administrative Usage Control Model for Secure Interoperability

The XACML(eXtensible Access Control Markup Language) was analyzed,and an ABAC(Attribute-Based Access Control) model based on XACML in Web Service was presented.The model adopted the authorization mechanism based on user,resource and environment attributes,but not user identity.This mechanism can resolve administrative scalability problem and provide fine-grained access control for Web services,and it is fit for highly dynamic and distributed environment in Web services.

Hong Fan

Papers

An Attribute-Based Access Control Model for Web Services

A context-aware role-based access control model for Web services

Analysis of Cross-domain SSO Authentication for Web Services

Administrative Usage Control Model for Secure Interoperability

ABAC model based on XACML in Web Service