{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T04:32:19Z","timestamp":1760243539577,"version":"build-2065373602"},"reference-count":48,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2012,2,14]],"date-time":"2012-02-14T00:00:00Z","timestamp":1329177600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/3.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>Web service technology provides basic infrastructure for deploying collaborative business processes. Web Service security standards and protocols aim to provide secure communication and conversation between service providers and consumers. Still, for a client calling a Web service it is difficult to ascertain that a particular service instance satisfies\u2014at execution time\u2014specific non-functional properties. In this paper we introduce the notion of certified Web service assurance, characterizing how service consumers can specify the set of security properties that a service should satisfy. Also, we illustrate a mechanism to re-check non-functional properties when the execution context changes. To this end, we introduce the concept of context-aware certificate, and describe a dynamic, context-aware service discovery environment.<\/jats:p>","DOI":"10.3390\/fi4010092","type":"journal-article","created":{"date-parts":[[2012,2,14]],"date-time":"2012-02-14T11:26:59Z","timestamp":1329218819000},"page":"92-109","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Web Service Assurance: The Notion and the Issues"],"prefix":"10.3390","volume":"4","author":[{"given":"Marco","family":"Anisetti","sequence":"first","affiliation":[{"name":"Dipartimento di Tecnologie dell\u2019Informazione, Universit\u00e0 degli Studi di Milano, via Bramante 65\u201326013 Crema (CR), Italy"}]},{"given":"Claudio A.","family":"Ardagna","sequence":"additional","affiliation":[{"name":"Dipartimento di Tecnologie dell\u2019Informazione, Universit\u00e0 degli Studi di Milano, via Bramante 65\u201326013 Crema (CR), Italy"}]},{"given":"Ernesto","family":"Damiani","sequence":"additional","affiliation":[{"name":"Dipartimento di Tecnologie dell\u2019Informazione, Universit\u00e0 degli Studi di Milano, via Bramante 65\u201326013 Crema (CR), Italy"}]},{"given":"Fulvio","family":"Frati","sequence":"additional","affiliation":[{"name":"Dipartimento di Tecnologie dell\u2019Informazione, Universit\u00e0 degli Studi di Milano, via Bramante 65\u201326013 Crema (CR), Italy"}]},{"given":"Hausi A.","family":"M\u00fcller","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Victoria, STN CSC, Victoria, BC V8W 3P6, Canada"}]},{"given":"Atousa","family":"Pahlevan","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Victoria, STN CSC, Victoria, BC V8W 3P6, Canada"}]}],"member":"1968","published-online":{"date-parts":[[2012,2,14]]},"reference":[{"key":"ref_1","unstructured":"Galbraith, B., Hankinson, W., Hiotis, A., Janakiraman, M., Prasad, D.V., Trivedi, R., and Whitney, D. (2002). Professional Web Services Security, Wrox Press Ltd."},{"key":"ref_2","unstructured":"Software Engineering Institute (2012, February 06). Securing Web Services for Army SOA. Available online: http:\/\/www.sei.cmu.edu\/solutions\/softwaredev\/securing-web-services.cfm."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Damiani, E., and Ma\u00f1a, A. (2009, January 13). Toward WS-Certificate. Proceedings of the ACM Workshop on Secure Web Services, Chicago, IL, USA.","DOI":"10.1145\/1655121.1655123"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Han, J., Kowalczyk, R., and Khan, K. (2006, January 6\u20138). Security-oriented service composition and evolution. Proceedings of the 13th Asia Pacific Software Engineering Conference, Bangalore, India.","DOI":"10.1109\/APSEC.2006.51"},{"key":"ref_5","first-page":"1483","article-title":"Security ontology for annotating resources","volume":"Volume 3761","author":"Kim","year":"2005","journal-title":"On the Move to Meaningful Internet Systems 2005: CoopIS, DOA, and ODBASE"},{"key":"ref_6","unstructured":"Nadalin, A., Kaler, C., Monzillo, R., and Hallam-Baker, P. (2012, February 06). Web Services Security: SOAP Message Security 1.1. Available online: http:\/\/www.oasis-open.org\/committees\/download.php\/16790\/wss-v1.1-spec-os-SOAPMessageSecurity.pdf."},{"key":"ref_7","unstructured":"Nadalin, A., Goodner, M., Gudgin, M., Barbir, A., and Granqvist, H. (2012, February 06). WS-SecureConversation 1.3. Available online: http:\/\/docs.oasis-open.org\/ws-sx\/ws-secureconversation\/v1.3\/ws-secureconversation.html."},{"key":"ref_8","unstructured":"Vedamuthu, A., Orchard, D., Hirsch, F., Hondo, M., Yendluri, P., Boubez, T., and Yalcinalp, U. (2012, February 06). Web Services Policy 1.5 - Framework. Available online: http:\/\/www.w3.org\/TR\/ws-policy\/."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Anisetti, M., Ardagna, C., and Damiani, E. (2011, January 5\u201310). Fine-grained modeling of web services for test-based security certification. Proceedings of the 8th IEEE International Conference on Services Computing, Washington, DC, USA.","DOI":"10.1109\/SCC.2011.27"},{"key":"ref_10","unstructured":"Frantzen, L., Tretmans, J., and d. Vries, R. (2006, January 6). Towards model-based testing of web services. Proceedings of the International Workshop on Web Services\u2014Modeling and Testing, Palermo, Italy."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"103","DOI":"10.1007\/11754008_7","article-title":"Generating test cases for web services using extended finite dtate machine","volume":"Volume 3964","author":"Keum","year":"2006","journal-title":"Testing of Communicating Systems"},{"key":"ref_12","first-page":"1","article-title":"Test generation based on symbolic specifications","volume":"Volume 3395","author":"Frantzen","year":"2004","journal-title":"Proceedings of the 4th International Workshop on Formal Approaches to Software Testing"},{"key":"ref_13","unstructured":"Pahlevan, A., M\u00fcller, H.A., and Cheng, M. (2010). Proceedings of the 4th International Workshop on a Research Agenda for Maintenance and Evolution of Service-Oriented Systems, Carnegie Mellon University."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Damiani, E., El Ioini, N., Sillitti, A., and Succi, G. (2009, January 6\u201310). WS-Certificate. Proceedings of the IEEE Congress on Services, Part I, Los Angeles, CA, USA.","DOI":"10.1109\/SERVICES-I.2009.132"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Damiani, E., Ardagna, C., and Ioini, N.E. (2009). Open Source Systems Security Certification, Springer.","DOI":"10.1007\/978-0-387-77324-7"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Herrmann, D. (2002). Using the common criteria for IT security evaluation.","DOI":"10.1201\/9781420031423"},{"key":"ref_17","unstructured":"US Department of Defence (2012, February 06). Department of Defense Trusted Computer System Evaluation Criteria, Available online: http:\/\/csrc.nist.gov\/publications\/secpubs\/rainbow\/std001.txt."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"10","DOI":"10.1109\/MITP.2006.51","article-title":"Testing services and service-centric systems: Challenges and opportunities","volume":"8","author":"Canfora","year":"2006","journal-title":"IT Prof."},{"key":"ref_19","unstructured":"Bloomberg, J. (2012, February 06). The Rational Edge Ezine for the Rational Community: Testing web services today and tomorrow. Available online: http:\/\/www.p2080.co.il\/go\/p2080h\/files\/4989377677.pdf."},{"key":"ref_20","unstructured":"Hanna, S., and Munro, M. (2007). Proceedings of the IEEE\/ACS International Conference on Computer Systems and Applications, IEEE CS."},{"key":"ref_21","unstructured":"Jokhio, M., Dobbie, G., and Sun, J. (2009). Proceedings of the 20th Australian Software Engineering Conference, IEEE CS."},{"key":"ref_22","unstructured":"Mao, C. (2009). Proceedings of the 7th ACIS International Conference on Software Engineering Research, Management and Applications, IEEE CS."},{"key":"ref_23","unstructured":"Noikajana, S., and Suwannasart, T. (2009). Proceedings of International Conference on Quality Software, IEEE CS."},{"key":"ref_24","unstructured":"Bai, X., Dong, W., Tsai, W.T., and Chen, Y. (2005). Proceedings of the IEEE International Conference on Service-Oriented System Engineering, IEEE CS."},{"key":"ref_25","unstructured":"Dong, W.L., and Yu, H. (2006). Proceedings of the 10th IEEE International Enterprise Distributed Object Computing Conference Workshops, IEEE CS."},{"key":"ref_26","first-page":"277","article-title":"CrossFlow: Cross-organizational workflow management in dynamic virtual enterprises","volume":"15","author":"Grefen","year":"2000","journal-title":"Int. J. Comput. Syst. Sci. Eng."},{"key":"ref_27","unstructured":"Alves, A., Arkin, A., Askary, S., Barreto, C., Bloch, B., Curbera, F., Ford, M., Goland, Y., Guizar, A., and Kartha, N. (2012, February 06). Web services business process execution language version 2.0. Available online: http:\/\/docs.oasis-open.org\/wsbpel\/2.0\/wsbpel-v2.0.pdf."},{"key":"ref_28","unstructured":"Skogan, D., Gronmo, R., and Solheim, I. (2004). Proceedings of the IEEE International Enterprise Distributed Object Computing Conference, IEEE CS."},{"key":"ref_29","unstructured":"Kramler, G., Kapsammer, E., Kappel, G., and Retschitzegger, W. (2005). Interoperability of Enterprise Software and Applications, Springer."},{"key":"ref_30","unstructured":"Rumbaugh, J., Jacobson, I., and Booch, G. (2004). The Unified Modeling Language Reference Manual, Addison-Wesley Professional."},{"key":"ref_31","unstructured":"J\u00fcrjens, J. (2002). Proceedings of the 5th International Conference on The Unified Modeling Language, Springer Verlag."},{"key":"ref_32","unstructured":"Lodderstedt, T., Basin, D., and Doser, J. (2002). Proceedings of the 5th International Conference on The Unified Modeling Language, Springer Verlag."},{"key":"ref_33","unstructured":"(2012, February 06). Automated Validation of Internet Security Protocols and Applications (AVISPA). Available online: http:\/\/www.avispa-project.org\/."},{"key":"ref_34","unstructured":"Chevalier, Y., Compagna, L., Cuellar, J., Drieslma, P.H., Mantovani, J., Mdersheim, S., and Vigneron, L. (2004). Proceedings of Workshop on Specification and Automated Processing of Security Requirements, Austrian Computer Society."},{"key":"ref_35","unstructured":"(2012, February 06). Automated Validation of Trust and Security of Service-oriented Architectures (AVANTSSAR). Available online: http:\/\/www.avantssar.eu\/."},{"key":"ref_36","first-page":"730","article-title":"SATMC: A SAT-based Model Checker for Security Protocols","volume":"Volume 3229","author":"Armando","year":"2004","journal-title":"Proceedings of the 9th European Conference on Logics in Artificial Intelligence"},{"key":"ref_37","unstructured":"Compagna, L. (2005). SAT-based model-checking of security protocols. [Ph.D. Thesis, the University of Edinburgh]."},{"key":"ref_38","unstructured":"Armando, A., Carbone, R., Compagna, L., Cuellar, J., and Tobarra, L. (2008). Proceedings of the 6th ACM workshop on Formal methods in security engineering, ACM."},{"key":"ref_39","unstructured":"(2012, February 06). Secure Provision and Consumption in the Internet of Services (SPaCIoS). Available online: http:\/\/www.spacios.eu\/."},{"key":"ref_40","unstructured":"(2012, February 06). Ensuring Trustworthiness and Security in Service Composition (ANIKETOS). Available online: http:\/\/aniketos.eu\/."},{"key":"ref_41","unstructured":"(2012, February 06). Advanced Security Service cERTificate for SOA (ASSERT4SOA). Available online: http:\/\/www.assert4soa.eu\/."},{"key":"ref_42","unstructured":"G\u00fcrgens, S., Ochsenschl\u00e4ger, P., and Rudolph, C. (2002). Proceedings of IEEE International Workshop on Trust and Privacy in Digital Business, IEEE CS."},{"key":"ref_43","first-page":"229","article-title":"Security Analysis of (Un-)Fair Non-repudiation Protocols","volume":"2629\/2003","author":"Rudolph","year":"2003","journal-title":"Lect. Notes Comput. Sci."},{"key":"ref_44","first-page":"438","article-title":"Security Evaluation of Scenarios based on the TCG\u2019s TPM Specification","volume":"4734\/2007","author":"Rudolph","year":"2007","journal-title":"Lect. Notes Comput. Sci."},{"key":"ref_45","unstructured":"Fraunhofer Institute for Secure Information Technology SIT, D (2012, February 06). Simple Homomorphism Verification Tool\u2014Manual. Available online: http:\/\/publica.fraunhofer.de\/starweb\/servlet.starweb?path=pub0.web&search=N-47349."},{"key":"ref_46","unstructured":"Tsai, W., Paul, R., Cao, Z., Yu, L., Saimi, A., and Xiao, B. (2003). 8th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems (WORDS 2003), IEEE CS."},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/844357.844360","article-title":"A model for web services discovery with QoS","volume":"4","author":"Ran","year":"2003","journal-title":"ACM SIGecom Exch."},{"key":"ref_48","unstructured":"Serhani, M., Dssouli, R., Hafid, A., and Sahraoui, H. (2005). Proceedings of the IEEE International Conference on Web Services, IEEE CS."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/4\/1\/92\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T21:48:54Z","timestamp":1760219334000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/4\/1\/92"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012,2,14]]},"references-count":48,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2012,3]]}},"alternative-id":["fi4010092"],"URL":"https:\/\/doi.org\/10.3390\/fi4010092","relation":{},"ISSN":["1999-5903"],"issn-type":[{"type":"electronic","value":"1999-5903"}],"subject":[],"published":{"date-parts":[[2012,2,14]]}}}