Middleware support for auditing service process flows

Abstract

The ever increasing security and privacy concerns require organizations to strictly comply with the regulations and the guidelines. Similar to any other part of an organization, it is necessary to conduct audits to determine whether the IT systems are in compliance. We specifically focus on the IT systems that are founded on Service Oriented Computing (SOC) principals. In a service oriented system both the internal and the external services may easily interact with each other, which may make the establishment and the enforcement of the privacy policies and the rules across the systems increasingly challenging. We introduce efficient and flexible methods for auditing such systems by leveraging the middleware platform capabilities. We show how the service process flows that have been executed in the system can be audited both based on their structure and the information that is disclosed by them. Copyright 2006 ACM.