Secure web service federation management using tpm virtualisation
Source
Workshop On Secure Web Services
Proceedings of the 2007 ACM workshop on Secure web services
Fairfax, Virginia, USA
SESSION: Session 3
Pages: 73-82
Year of Publication: 2007
ISBN: 978-1-59593-892-3
Authors
Srijith Krishnan Nair  Vrije Universiteit, Amsterdam, Netherlands
Ivan Djordjevic  British Telecommunications, Ipswich, United Kingdom
Bruno Crispo  Vrije Universiteit, Amsterdam, Netherlands
Theo Dimitrakos  British Telecommunications, Ipswich, United Kingdom
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 11,   Downloads (12 Months): 131,   Citation Count: 0
DOI: http://doi.acm.org/10.1145/1314418.1314430

ABSTRACT

Web Services and SOA provide interoperability and an architectural baseline for flexible and dynamic cross-enterprise collaborations, where the execution and use of the participating services contribute to the common objective. Relationships within these collaborations are complex, with services joining and leaving throughout the life cycle, or the same services being offered in several collaborations simultaneously. This creates strong requirements for federated security, where the integrity and confidentiality of the collaboration must be maintained through membership control, security policy enforcement and separation of web service instance interactions in different collaborations.

In this paper we propose a new Web Services (WS) framework for managing and controlling WS interactions in a federated environment, leveraging a platform virtualisation architecture and the functionalities provided by trusted secure hardware. The framework allows configuring policies that define collaboration membership, and enforce access to the collaboration per WS instance. In addition, since access to the configurations is restricted, it provides a master-slave model where only an authorised administrative entity can modify any of the above, either at deployment or at execution time. Some of the benefits of the proposed approach are: fine-grained external exposure of WSs, a flexible model for group membership control and revocation, and a hardware-enabled secure virtualised system providing functional process isolation and strong data security.


