The Center for Education and Research in Information Assurance and Security (CERIAS)


Reports and Papers Archive



User Tasks and Access Control Over Web Services

Jacques Thomas, Federica Paci, Elisa Bertino, Patrick Eugster

Web services are a successful technology for enterprise information management, where they are used to expose legacy applications on the corporate intranet or in business-to-business scenarios. The technologies used to expose applications as web services have matured, stabilized, and are defined as W3C standards. Now, the technology used to build applications based on web services, a process known as orchestration, is also maturing around the Web Services Business Process Execution Language (WS-BPEL). WS-BPEL falls short on one feature though: as it is focused on orchestration of fully automatic web services, WS-BPEL does not provide means for specifying human interactions, even less their access-control requirements. Human interactions are nonetheless needed for flexible business processes. This lacking feature of WS-BPEL has been highlighted in a white paper issued jointly by IBM and SAP, which “describes scenarios where users are involved in business processes, and defines appropriate extensions to WS-BPEL to address these.” These extensions, called BPEL4People, are well explained, but their implementation isn’t. In this paper, we propose a language for specifying these extensions, as well as an architecture to support them. The salient advantage of our architecture is that it allows for the reuse of existing BPEL engines. In addition, our language allows for specifying these extensions within the main BPEL script, hence preserving a global view of the process. We illustrate our extensions by revisiting the classic loan approval BPEL example.

Added 2008-05-02

Dissemination of Cultural Heritage Content through Virtual Reality and Multimedia Techniques: A Case Study

Elisa Bertino, S. Valtolina, P. Mazzoleni, S. Franzoni

This paper presents the case study of an interactive digital narrative and real-time visualization of an Italian theatre during the 19th century. This case study illustrates how to integrate the traditional concepts of cultural heritage with Virtual Reality (VR) technologies. In this way virtual reconstructions of cultural sites are lifted to an exciting new edutainment level. Novel multimedia interaction devices and digital narrative representations, combined with historically and architecturally certified environments, offer users a real-time immersive visualization in which to live experiences of the past. Starting from the studies of several projects demonstrating the great benefits connected with the use of VR technologies in the cultural field, the paper illustrates the motivations that have triggered a collaboration between the Department of Computer Science [1] and the Department of Performing Arts of the University of Milano [2] in order to develop this educational and entertaining system.

Added 2008-05-02

Information Driven Evaluation of Data Hiding Algorithms

Elisa Bertino, Igor Nai Fovino

Privacy is one of the most important properties an information system must satisfy. A relatively new trend shows that classical access control techniques are not sufficient to guarantee privacy when data mining techniques are used. Privacy Preserving Data Mining (PPDM) algorithms have been recently introduced with the aim of modifying the database in such a way as to prevent the discovery of sensitive information. Due to the large number of possible techniques that can be used to achieve this goal, it is necessary to provide some standard evaluation metrics to determine the best algorithms for a specific application or context. Currently, however, there is no common set of parameters that can be used for this purpose. This paper explores the problem of PPDM algorithm evaluation, starting from the key goal of preserving data quality. To achieve such a goal, we propose a formal definition of data quality specifically tailored for use in the context of PPDM algorithms, a set of evaluation parameters and an evaluation algorithm. The resulting evaluation core process is then presented as a part of a more general three-step evaluation framework, taking also into account other aspects of algorithm evaluation such as efficiency, scalability and level of privacy.

Added 2008-05-02

Technique for Optimal Adaptation of Time-Dependent Workflows with Security Constraints

Elisa Bertino, Arjmand Samuel, Arif Ghafoor, Basit Shafiq

Distributed workflow based systems are widely used in various application domains including e-commerce, digital government, healthcare, manufacturing and many others. Workflows in these application domains are not restricted to the administrative boundaries of a single organization [1]. The tasks in a workflow need to be performed in a certain order and are often subject to temporal constraints and dependencies [1, 2]. A key requirement for such workflow applications is to provide the right data to the right person at the right time. This requirement motivates dynamic adaptation of workflows for dealing with changing environmental conditions and exceptions.

Added 2008-05-02

Security in SOA and Web Services

Elisa Bertino, L. Martino

Security is today a relevant requirement for any distributed application, and in particular for those enabled by the Web such as e-health, e-commerce, and e-learning. It is thus crucial that the use of Web services, stand-alone or composed, provides strong security guarantees. Web services security encompasses several requirements that can be described along the well known security dimensions, that is: integrity, whereby a message must remain unaltered during transmission; confidentiality, whereby the contents of a message cannot be viewed while in transit, except by authorized services; availability, whereby a message is promptly delivered to the intended recipient, thus ensuring that legitimate users receive the services they are entitled to. Moreover, each Web service must protect its own resources against unauthorized access. This in turn requires suitable means for: identification, whereby the recipient of a message must be able to identify the sender; authentication, whereby the recipient of a message needs to verify the claimed identity of the sender; authorization, whereby the recipient of a message needs to apply access control policies to determine whether the sender has the right to use the requested resources.

Added 2008-05-02

VNsnap: Taking Snapshots of Virtual Networked Environments with Minimal Downtime

CERIAS TR 2008-11
Ardalan Kangarlou, Dongyan Xu, Patrick Eugster
Download: PDF
Added 2008-05-01

Supporting Robust and Secure Interactions in Open Domains through Recovery of Trust Negotiations

Elisa Bertino, A. Squicciarini, Trombetta

Trust negotiation supports authentication and access control across multiple security domains by allowing parties to use non-forgeable digital credentials to establish trust. By their nature, trust negotiation systems are used in environments that are not always reliable. In particular, it is important not only to protect negotiations against malicious attacks, but also against failures and crashes of the parties or of the communication means. To address the problem of failures and crashes, we propose an efficient and secure recovery mechanism. The mechanism includes two recovery protocols, one for each of the two main negotiation phases. In fact, because of the requirement that both services and credentials have to be protected on the basis of the associated disclosure policies, most approaches distinguish a phase of disclosure policy evaluation from a phase devoted to the actual credential exchange. We prove that the protocols, besides being efficient, are secure with respect to integrity and confidentiality, and are idempotent. To the best of our knowledge, this is the first effort for achieving robustness and fault tolerance of trust negotiation systems.

Added 2008-04-28

Data Management in RFID Applications

Elisa Bertino, Dan Lin, Hicham G. Elmongui, Beng Chin Ooi

Nowadays, RFID applications have attracted a great deal of interest due to their increasing adoption in supply chain management, logistics and security. They have posed many new challenges to existing underlying database technologies, such as the requirements of supporting large volumes of data, preserving data transition paths and handling new types of queries. In this paper, we propose an efficient method to manage RFID data. We explore and take advantage of the containment relationships in the relational tables in order to support special queries in RFID applications. The experimental evaluation conducted on an existing RDBMS demonstrates the efficiency of our method.

Added 2008-04-28

Trust Negotiation in Identity Management

Elisa Bertino, Abhilasha Bhargav-Spantzel, Anna C. Squicciarini

Most organizations require the verification of personal information before providing services, and the privacy of such information is of growing concern. The authors show how federated identity management systems can better protect users’ information when integrated with trust negotiation.

Added 2008-04-28

A privacy preserving assertion based policy language for federation systems

Elisa Bertino, Anna C. Squicciarini, Ayca Azgin Hintoglu, Yucel Saygin

Identity federation systems enable participating organizations to provide services to qualified individuals and manage their identity attributes at an inter-organizational level. Most importantly, they empower individuals with control over the usage of their attributes within the federation via enforcement of various policies. Among such policies, one of the most important yet immature ones is the privacy policy. Existing frameworks proposed for privacy-preserving federations lack the capability to support complex data-usage preferences in the form of obligations, i.e. the privacy related actions that must be performed upon certain actions on a specific piece of information. Moreover, they do not account for the history of events resulting from the interactions among federation entities.

To address these deficiencies we propose an extension to an existing assertion based policy language. More specifically, we provide a new set of assertions to define the privacy related properties of a federation system. We extend the common definition of privacy preference policies with obligation preferences. Finally, we illustrate how the proposed framework is realized among service providers to ensure proper enforcement of privacy policies and obligations.

Added 2008-04-28

A semantic approach to build personalized interfaces in the cultural heritage domain

Elisa Bertino, S. Valtolina, P. Mazzoleni, S. Franzoni

In this paper we present a system we have built to disseminate cultural heritage distributed across multiple museums. Our system addresses the requirements of two categories of users: the end users that need to access information according to their interests and interaction preferences, and the domain experts and museum curators that need to develop thematic tours providing end users with a better understanding of the single artefact or collection. In our approach we make use of a semantic representation of the given heritage domain in order to build multiple visual interfaces, called “Virtual Wings” (VWs). Such interfaces allow users to navigate through data available from digital archives and thematic tours and to create their own personalized virtual visits. An interactive application integrating personalized digital guides (using PDAs) and 360 panoramic images is the example of VW presented.

Added 2008-04-28

Managing Risks in RBAC Employed Distributed Environments

Elisa Bertino, Ebru Celikel, Murat Kantarcioglu, Bhavani Thuraisingham

Role Based Access Control (RBAC) has been introduced in an effort to facilitate authorization in database systems. It introduces roles as a new layer in between users and permissions. This not only provides a well maintained access granting mechanism, but also alleviates the burden of managing multiple users. While providing comprehensive access control, current RBAC models and systems do not take into consideration the possible risks that can be incurred with role misuse. In distributed environments a large number of users is a very common case, and a considerable number of them are first time users. This fact magnifies the need to measure risk before and after granting an access. We investigate the means of managing risks in RBAC employed distributed environments and introduce a novel probability-based risk model. Based on each role, we use information about user credentials, current user queries, the role history log and expected utility to calculate the overall risk. By executing data mining on query logs, our scheme generates normal query clusters. It then assigns different risk levels to individual queries, depending on how far they are from the normal clusters. We employ three types of granularity to represent queries in our architecture. We present experimental results on real data sets and compare the performances of the three granularity levels.
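The scoring idea the abstract sketches (mine a role's query log into "normal" clusters, then rate a new query by its distance from those clusters) is illustrated below in a toy Python version. This is an added example, not the paper's code or risk model. It assumes one possible query granularity, the set of tables a statement references (the paper's three granularities are not described here), builds clusters by simple leader clustering under Jaccard distance, and uses fixed risk thresholds; the query log for the `loan_officer` role is constructed for the example.

```python
"""Toy distance-from-normal risk scoring for queries issued under an RBAC role.

Added illustration in the spirit of the abstract above, not the paper's method.
Assumptions (all hypothetical): a query is abstracted to the set of tables it
references; "normal" clusters come from leader clustering under Jaccard distance;
risk levels are fixed thresholds on the distance to the nearest cluster leader.
"""
import re

# Tables named right after FROM or JOIN; subqueries and quoting are ignored here.
_TABLE_RE = re.compile(r"\b(?:from|join)\s+([A-Za-z_][A-Za-z0-9_]*)", re.IGNORECASE)


def query_signature(sql):
    """Table-level granularity: the set of table names a statement references."""
    return frozenset(t.lower() for t in _TABLE_RE.findall(sql))


def jaccard_distance(a, b):
    """1 - |a ∩ b| / |a ∪ b|; two empty sets are treated as identical."""
    if not a and not b:
        return 0.0
    return 1.0 - len(a & b) / len(a | b)


def build_clusters(signatures, threshold=0.5):
    """Leader clustering: a signature joins the first cluster whose leader is
    within `threshold`, otherwise it starts a new cluster (leader = itself)."""
    clusters = []
    for sig in signatures:
        for cluster in clusters:
            if jaccard_distance(sig, cluster["leader"]) <= threshold:
                cluster["members"].append(sig)
                break
        else:
            clusters.append({"leader": sig, "members": [sig]})
    return clusters


def distance_to_normal(signature, clusters):
    """Distance from a query to the closest normal cluster leader."""
    return min(jaccard_distance(signature, c["leader"]) for c in clusters)


def risk_level(signature, clusters, low=0.34, high=0.67):
    """Map the distance to a coarse risk level (thresholds are illustrative)."""
    d = distance_to_normal(signature, clusters)
    if d <= low:
        return "low"
    if d <= high:
        return "medium"
    return "high"


# Constructed "normal" query log for the hypothetical role `loan_officer`.
NORMAL_LOG = [
    "SELECT c.name, l.amount FROM customers c JOIN loans l ON l.cust_id = c.id",
    "SELECT c.name, l.amount, p.paid FROM customers c JOIN loans l ON l.cust_id = c.id "
    "JOIN payments p ON p.loan_id = l.id",
    "SELECT l.id, p.paid FROM loans l JOIN payments p ON p.loan_id = l.id",
    "SELECT b.city, l.amount FROM branches b JOIN loans l ON l.branch_id = b.id",
]
CLUSTERS = build_clusters([query_signature(q) for q in NORMAL_LOG])


def score(sql, clusters=CLUSTERS):
    """Return (distance, level) for a new query under the role's normal clusters."""
    sig = query_signature(sql)
    return distance_to_normal(sig, clusters), risk_level(sig, clusters)


if __name__ == "__main__":
    for q in (
        "SELECT * FROM customers JOIN loans ON loans.cust_id = customers.id",
        "SELECT * FROM customers JOIN loans ON 1=1 JOIN payments ON 1=1 JOIN branches ON 1=1",
        "SELECT * FROM employees JOIN salaries ON salaries.emp_id = employees.id",
    ):
        print(f"{score(q)[1]:6s} d={score(q)[0]:.2f}  {q}")
```

A query touching only tables the role's log already pairs scores low; one that widens a familiar join scores medium; one reaching into tables the role has never touched (here `employees`/`salaries`) scores high, which is the kind of signal the abstract proposes feeding into an overall, role-specific risk estimate alongside credentials and history.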

Added 2008-04-28

A system for securing push-based distribution of XML documents

Elisa Bertino, Elena Ferrari, Federica Paci, Loredana Parasiliti Provenza

Push-based systems for distributing information through the Internet are today becoming more and more popular and widely used. The widespread use of such systems raises non-trivial security concerns. In particular, confidentiality, integrity and authenticity of the distributed data must be ensured. To cope with such issues, we describe here a system for securing push distribution of XML documents, which adopts digital signature and encryption techniques to ensure the above mentioned properties and allows the specification of both signature and access control policies. We also describe the implementation of the proposed system and present an extensive performance evaluation of its main components.

Added 2008-04-28

Policy Mapper: Administering Location-Based Access-Control Policies

Elisa Bertino, Rafae Bhatti, Maria Luisa Damiani, David W. Bettis

Simplifying the administration of location-based access-control policies requires a mechanism that supports both intuitive and scalable spatial constraint specifications and a flexible enforcement architecture. Policy Mapper is an administrative tool that helps define access control at conceptual and logical levels to carry out constraint specification and enforcement. The tool also provides an Interface Definition Language that couples the two levels. Policy Mapper bridges a critical gap between the expressiveness and enforcement of spatial constraints in location-based access-control policies.

Added 2008-04-28

MPGS: An Interactive Tool for the Specification and Generation of Multimedia Presentations

Elisa Bertino, Elena Ferrari, Marco Stolf

Multimedia presentations are composed of objects belonging to different data types such as video, audio, text, and image. An important aspect is that, quite often, the user defining a presentation needs to express sophisticated temporal and spatial constraints among the objects composing the presentation. In this paper, we present a system (called MPGS—Multimedia Presentation Generator System) which supports the specification of constraints among multimedia objects and the generation of multimedia presentations according to the specified constraints. The constraint model provided by MPGS is very flexible and powerful in terms of the kinds of object constraints it can represent. A large number of innovative features are supported including: asynchronous and simultaneous spatial constraints; components of interest and priority levels; motion functions. Obviously, the flexibility provided to the users requires the development of nontrivial techniques to check constraint consistency and to generate a presentation satisfying the specified constraints. In this paper, we illustrate the solutions we have devised in the framework of MPGS.

Added 2008-04-28