Web Services Business Process Execution Language Version 0 Public Review Draft 02, 20 November, 2006

səhifə	17/23
tarix	27.06.2016
ölçüsü	2.65 Mb.

1 ... 13 14 15 16 17 18 19 20 ... 23

16. Security Considerations

Although WS-BPEL is inherently binding neutral it is strongly recommended that business process implementations use WS-Security when using a binding where messages may be modified or forged. WS-Security provides mechanisms to ensure messages have not been modified or forged while in transit or while residing at destinations. Similarly, there are mechanisms to prevent invalid or expired messages from being re-used or message headers not specifically associated with the specific message being referenced. Consequently, when using WS-Security, signatures should include the semantically significant headers and the message body (as well as any other relevant data) so that they cannot be independently separated and re-used.

Messaging protocols used to communicate among business processes are subject to various forms of replay attacks. In addition to the mechanisms listed above, messages should include a message timestamp (as described in WS-Security) within the signature. Recipients can use the timestamp information to cache the most recent messages for a business process and detect duplicate transmissions and prevent potential replay attacks.

It should also be noted that business process implementations are subject to various forms of denial-of-service attacks. Implementers of business process execution systems compliant with this specification should take this into account.

Appendix A. Standard Faults

The following list specifies the standard faults defined within the WS-BPEL specification. All standard fault names are qualified with the standard WS-BPEL namespace.

Table A.1. Standard Faults

Fault name	Description
ambiguousReceive	Thrown when a business process instance simultaneously enables two or more IMAs for the same partnerLink, portType, operation but different correlationSets, and the correlations of multiple of these activities match an incoming request message.
completionConditionFailure	Thrown if upon completion of a directly enclosed activity within activity it can be determined that the completion condition can never be true.
conflictingReceive	Thrown when more than one inbound message activity is enabled simultaneously for the same partner link, port type, operation and correlation set(s).
conflictingRequest	Thrown when more than one inbound message activity is open for the same partner link, operation and message exchange.
correlationViolation	Thrown when the contents of the messages that are processed in an , , , , or do not match specified correlation information.
invalidBranchCondition	Thrown if the integer value used in the completion condition of is larger than the number of directly enclosed activities.
invalidExpressionValue	Thrown when an expression used within a WS-BPEL construct (except ) returns an invalid value with respect to the expected XML Schema type.
invalidVariables	Thrown when an XML Schema validation (implicit or explicit) of a variable value fails.
joinFailure	Thrown when the join condition of an activity evaluates to false and the value of the suppressJoinFailure attribute is yes.
mismatchedAssignmentFailure	Thrown when incompatible types or incompatible XML infoset structure are encountered in an activity.
missingReply	Thrown when an inbound message activity has been executed, and the process instance or scope instance reaches the end of its execution without a corresponding activity having been executed.
missingRequest	Thrown when a activity cannot be associated with an open inbound message activity by matching the partner link, operation and message exchange tuple.
scopeInitializationFailure	Thrown if there is any problem creating any of the objects defined as part of scope initialization. This fault is always caught by the parent scope of the faulted scope.
selectionFailure	Thrown when a selection operation performed either in a function such as bpel:getVariableProperty, or in an assignment, encounters an error.
subLanguageExecutionFault	Thrown when the execution of an expression results in an unhandled fault in an expression language or query language.
uninitializedPartnerRole	Thrown when an or activity references a partner link whose partnerRole endpoint reference is not initialized.
uninitializedVariable	Thrown when there is an attempt to access the value of an uninitialized variable or in the case of a message type variable one of its uninitialized parts.
unsupportedReference	Thrown when a WS-BPEL implementation fails to interpret the combination of the reference-scheme attribute and the content element OR just the content element alone.
xsltInvalidSource	Thrown when the transformation source provided in a bpel:doXslTransform function call was not legal (i.e., not an EII).
xsltStylesheetNotFound	Thrown when the named style sheet in a bpel:doXslTransform function call was not found.

1 ... 13 14 15 16 17 18 19 20 ... 23