{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:39:02Z","timestamp":1750307942357,"version":"3.41.0"},"reference-count":45,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2007,11,1]],"date-time":"2007-11-01T00:00:00Z","timestamp":1193875200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Internet Technol."],"published-print":{"date-parts":[[2007,11]]},"abstract":"<jats:p>Multidomain application environments where distributed domains interoperate with each other is a reality in Web-services-based infrastructures. Collaboration enables domains to effectively share resources; however, it introduces several security and privacy challenges. In this article, we use the current web service standards such as SOAP and UDDI to enable secure interoperability in a service-oriented mediator-free environment. We propose a multihop SOAP messaging protocol that enables domains to discover secure access paths to access roles in different domains. Then we propose a path authentication mechanism based on the encapsulation of SOAP messages and the SOAP-DISG standard. Furthermore, we provide a service discovery protocol that enables domains to discover service descriptions stored in private UDDI registries.<\/jats:p>","DOI":"10.1145\/1294148.1294153","type":"journal-article","created":{"date-parts":[[2007,11,30]],"date-time":"2007-11-30T14:24:58Z","timestamp":1196432698000},"page":"5","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Web services discovery in secure collaboration environments"],"prefix":"10.1145","volume":"8","author":[{"given":"Mohamed","family":"Shehab","sequence":"first","affiliation":[{"name":"Purdue University, West Lafayette, IN"}]},{"given":"Kamal","family":"Bhattacharya","sequence":"additional","affiliation":[{"name":"IBM T.J. Watson, Yorktown Heights, NY"}]},{"given":"Arif","family":"Ghafoor","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN"}]}],"member":"320","published-online":{"date-parts":[[2007,11]]},"reference":[{"volume-title":"Proceedings of the International Conference on Database and Expert Systems Applications (DEXA).","author":"Afsarmanesh H.","key":"e_1_2_1_1_1","unstructured":"Afsarmanesh , H. , Garita , C. , and Hertzberger , L . 1998. Virtual enterprises and federated information sharing . In Proceedings of the International Conference on Database and Expert Systems Applications (DEXA). Afsarmanesh, H., Garita, C., and Hertzberger, L. 1998. Virtual enterprises and federated information sharing. In Proceedings of the International Conference on Database and Expert Systems Applications (DEXA)."},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/501983.501991"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/300830.300837"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.5555\/353580.353583"},{"key":"e_1_2_1_5_1","unstructured":"BPEL4WS. 2002. Business process execution language for web services (BPEL4WS). http:\/\/www-128.ibm.com\/developerworks\/library\/specification\/ws-bpel\/.  BPEL4WS. 2002. Business process execution language for web services (BPEL4WS). http:\/\/www-128.ibm.com\/developerworks\/library\/specification\/ws-bpel\/."},{"volume-title":"Proceedings of the IEEE Symposium on Security and Privacy, 206--214","author":"Brewer D.","key":"e_1_2_1_6_1","unstructured":"Brewer , D. and Nash , M . 1989. The Chinese wall security policy . In Proceedings of the IEEE Symposium on Security and Privacy, 206--214 . Brewer, D. and Nash, M. 1989. The Chinese wall security policy. In Proceedings of the IEEE Symposium on Security and Privacy, 206--214."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1147\/sj.444.0709"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/948109.948123"},{"key":"e_1_2_1_9_1","unstructured":"Ferraiolo D. Kuhn D. and Chandramouli R. 2003. Role-Based Access Control. Artech House.   Ferraiolo D. Kuhn D. and Chandramouli R. 2003. Role-Based Access Control. Artech House."},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1147\/sj.431.0136"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1008787317852"},{"key":"e_1_2_1_12_1","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1145\/3261410","article-title":"Special issue on adaptive complex enterprises","volume":"48","author":"Desai A.","year":"2005","unstructured":"Desai , A. and Awad , N. 2005 . Special issue on adaptive complex enterprises . Commun. ACM 48 , 5 (May). Desai, A. and Awad, N. 2005. Special issue on adaptive complex enterprises. Commun. ACM 48, 5 (May).","journal-title":"Commun. ACM"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/501978.501980"},{"volume-title":"Proceedings of the IEEE Symposium on Security and Privacy, IEEE Computer Society","author":"Gong L.","key":"e_1_2_1_14_1","unstructured":"Gong , L. and Qian , X . 1994. The complexity and composability of secure interoperation . In Proceedings of the IEEE Symposium on Security and Privacy, IEEE Computer Society , Washington, DC, 190--200. Gong, L. and Qian, X. 1994. The complexity and composability of secure interoperation. In Proceedings of the IEEE Symposium on Security and Privacy, IEEE Computer Society, Washington, DC, 190--200."},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/32.481533"},{"volume-title":"Proceedings of the 20th International Conference on Very Large Data Bases (VLDB), Morgan Kaufmann","author":"Jonscher D.","key":"e_1_2_1_16_1","unstructured":"Jonscher , D. and Dittrich , K . 1994. An approach for building secure database federations . In Proceedings of the 20th International Conference on Very Large Data Bases (VLDB), Morgan Kaufmann , San Francisco, CA, 24--35. Jonscher, D. and Dittrich, K. 1994. An approach for building secure database federations. In Proceedings of the 20th International Conference on Very Large Data Bases (VLDB), Morgan Kaufmann, San Francisco, CA, 24--35."},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1030083.1030091"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/327556.327641"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00778-003-0101-5"},{"key":"e_1_2_1_20_1","unstructured":"Morgenstern M. Lunt T. Thuraisingham B. and Spooner D. 1992. Security issues in federated database systems: Panel contributions. In Results of the IFIP WG 11.3 Workshop on Database Security V. North-Holland 131--148.   Morgenstern M. Lunt T. Thuraisingham B. and Spooner D. 1992. Security issues in federated database systems: Panel contributions. In Results of the IFIP WG 11.3 Workshop on Database Security V. North-Holland 131--148."},{"key":"e_1_2_1_21_1","unstructured":"Myerson J. 2004. Use SLAs in a web services context part 1: Guarantee your web service with a SLA. http:\/\/www-128.ibm.com\/developerworks\/library\/ws-sla\/.  Myerson J. 2004. Use SLAs in a web services context part 1: Guarantee your web service with a SLA. http:\/\/www-128.ibm.com\/developerworks\/library\/ws-sla\/."},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1060710.1060740"},{"key":"e_1_2_1_23_1","unstructured":"RBAC. 1996. Role based access control (RBAC). http:\/\/csrc.nist.gov\/rbac\/.  RBAC. 1996. Role based access control (RBAC). http:\/\/csrc.nist.gov\/rbac\/."},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/359340.359342"},{"key":"e_1_2_1_25_1","unstructured":"SAML. 2004. Security assertions markup language (SAML). http:\/\/xml.coverpages.org\/saml.html.  SAML. 2004. Security assertions markup language (SAML). http:\/\/xml.coverpages.org\/saml.html."},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/2.485845"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1147\/sj.444.0781"},{"key":"e_1_2_1_28_1","volume-title":"Applied Cryptography","author":"Schneier B.","unstructured":"Schneier , B. 1996. Applied Cryptography , 2 nd ed. John Wiley . Schneier, B. 1996. Applied Cryptography, 2nd ed. John Wiley.","edition":"2"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2005.185"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102130"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/1063979.1064007"},{"key":"e_1_2_1_32_1","unstructured":"SOAP. 2003. Simple object access protocol (SOAP). http:\/\/www.w3.org\/TR\/soap.  SOAP. 2003. Simple object access protocol (SOAP). http:\/\/www.w3.org\/TR\/soap."},{"key":"e_1_2_1_33_1","unstructured":"SOAP-DSIG. 2001. SOAP security extensions: Digital signature. http:\/\/www.w3.org\/TR\/SOAP-dsig.  SOAP-DSIG. 2001. SOAP security extensions: Digital signature. http:\/\/www.w3.org\/TR\/SOAP-dsig."},{"key":"e_1_2_1_34_1","unstructured":"UDDI. 2003. Universal description discovery and integration (UDDI). http:\/\/www.uddi.org.  UDDI. 2003. Universal description discovery and integration (UDDI). http:\/\/www.uddi.org."},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.5555\/353670.353819"},{"volume-title":"Proceedings of the IFIP 11th International Conference on Database Security. Chapman and Hall","author":"Wiederhold G.","key":"e_1_2_1_36_1","unstructured":"Wiederhold , G. , Bilello , M. , and Donahue , C . 1998. Web implementation of a securtty mediator for medical databases . In Proceedings of the IFIP 11th International Conference on Database Security. Chapman and Hall , London, 60--72. Wiederhold, G., Bilello, M., and Donahue, C. 1998. Web implementation of a securtty mediator for medical databases. In Proceedings of the IFIP 11th International Conference on Database Security. Chapman and Hall, London, 60--72."},{"key":"e_1_2_1_37_1","unstructured":"WS-Policy. 2004. Web services policy framework (ws-policy). http:\/\/www-128.ibm.com\/developerworks\/webservices\/library\/specification\/ws-polfram\/.  WS-Policy. 2004. Web services policy framework (ws-policy). http:\/\/www-128.ibm.com\/developerworks\/webservices\/library\/specification\/ws-polfram\/."},{"key":"e_1_2_1_38_1","unstructured":"WS-Secmap. 2002. Security in a web services world: A proposed architecture and roadmap. http:\/\/www-128.ibm.com\/developerworks\/webservices\/library\/specification\/ws-secmap\/.  WS-Secmap. 2002. Security in a web services world: A proposed architecture and roadmap. http:\/\/www-128.ibm.com\/developerworks\/webservices\/library\/specification\/ws-secmap\/."},{"key":"e_1_2_1_39_1","unstructured":"WS-Security. 2002. Web services security (ws security). http:\/\/www-128.ibm.com\/developer-works\/webservices\/library\/specification\/ws-secure\/.  WS-Security. 2002. Web services security (ws security). http:\/\/www-128.ibm.com\/developer-works\/webservices\/library\/specification\/ws-secure\/."},{"key":"e_1_2_1_40_1","unstructured":"WS-Security. 2006. OASIS web services security. http:\/\/www.oasis-open.org\/committees\/wss\/.  WS-Security. 2006. OASIS web services security. http:\/\/www.oasis-open.org\/committees\/wss\/."},{"key":"e_1_2_1_41_1","unstructured":"WS-Trust. 2004. Web services trust language (ws trust). http:\/\/www-128.ibm.com\/developer-works\/library\/specification\/ws-trust\/.  WS-Trust. 2004. Web services trust language (ws trust). http:\/\/www-128.ibm.com\/developer-works\/library\/specification\/ws-trust\/."},{"key":"e_1_2_1_42_1","unstructured":"WSCI. 2002. Web service choreography interface (wsci). http:\/\/www.w3.org\/TR\/wsci.  WSCI. 2002. Web service choreography interface (wsci). http:\/\/www.w3.org\/TR\/wsci."},{"key":"e_1_2_1_43_1","unstructured":"WSDL. 2003. Web services description language (wsdl). http:\/\/www.w3.org\/TR\/wsdl.  WSDL. 2003. Web services description language (wsdl). http:\/\/www.w3.org\/TR\/wsdl."},{"key":"e_1_2_1_44_1","unstructured":"XACML. 2005. Extensible access control markup language (xacml). http:\/\/www.oasis-open.org\/committees\/xacml\/.  XACML. 2005. Extensible access control markup language (xacml). http:\/\/www.oasis-open.org\/committees\/xacml\/."},{"key":"e_1_2_1_45_1","unstructured":"XML-Sig. 2002. XML-Signature syntax and processing. http:\/\/www.w3.org\/TR\/xmldsig-core.  XML-Sig. 2002. XML-Signature syntax and processing. http:\/\/www.w3.org\/TR\/xmldsig-core."}],"container-title":["ACM Transactions on Internet Technology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1294148.1294153","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1294148.1294153","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T14:52:21Z","timestamp":1750258341000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1294148.1294153"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2007,11]]},"references-count":45,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2007,11]]}},"alternative-id":["10.1145\/1294148.1294153"],"URL":"https:\/\/doi.org\/10.1145\/1294148.1294153","relation":{},"ISSN":["1533-5399","1557-6051"],"issn-type":[{"type":"print","value":"1533-5399"},{"type":"electronic","value":"1557-6051"}],"subject":[],"published":{"date-parts":[[2007,11]]},"assertion":[{"value":"2007-11-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}