O. Zimmermann, V. Doubrovski, J. Grundler, and K. Hogg, Service-oriented architecture and business process choreography in an order management scenario, Companion to the 20th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications , OOPSLA '05, pp.301-312, 2005.
DOI : 10.1145/1094855.1094965

U. Government, The privacy and electronic communications (ec directive) regulations, 2003.

E. Parliament, Directive 95/46/ec of the european parliament and of the council, 2009.

J. Sun and . Community, Process Program: Sun JSR-000208 Java Business Integration, 2005.

A. Pretschner, M. Hilty, D. Basin, C. Schaefer, and T. Walter, Mechanisms for usage control, Proceedings of the 2008 ACM symposium on Information, computer and communications security , ASIACCS '08, pp.240-244, 2008.
DOI : 10.1145/1368310.1368344
URL : http://www.inf.ethz.ch/personal/basin/pubs/asiaccs08.pdf

K. Ueno and M. Tatsubori, Early capacity testing of an enterprise service bus, ICWS '06: Proceedings of the IEEE International Conference on Web Services, pp.709-716, 2006.
DOI : 10.1109/icws.2006.57

A. Svirskas, J. Isachenkova, and R. Molva, Towards secure and trusted collaboration environment for European public sector, 2007 International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2007), pp.49-56, 2007.
DOI : 10.1109/COLCOM.2007.4553808

K. Leune, W. J. Van-den-heuvel, and M. Papazoglou, Exploring a multi-faceted framework for soc: how to develop secure web-service interactions? Research Issues on Data Engineering, Proc. 14th Intl. Workshop on, pp.56-61, 2004.
DOI : 10.1109/ride.2004.1281703

A. Maierhofer, T. Dimitrakos, L. Titkov, and D. Brossard, Extendable and adaptive message-level security enforcement framework. Networking and Services, pp.6-72, 2006.
DOI : 10.1109/icns.2006.50

T. Goovaerts, B. De-win, and W. Joosen, Infrastructural Support for Enforcing and Managing Distributed Application-Level Policies, Electronic Notes in Theoretical Computer Science, vol.197, issue.1, pp.31-43, 2008.
DOI : 10.1016/j.entcs.2007.10.012
URL : https://doi.org/10.1016/j.entcs.2007.10.012

T. Lam and N. Minsky, A collaborative framework for enforcing server commitments, and for regulating server interactive behavior in SOA-based systems, Proceedings of the 5th International ICST Conference on Collaborative Computing: Networking, Applications, Worksharing, pp.1-10, 2009.
DOI : 10.4108/ICST.COLLABORATECOM2009.8347

N. Damianou, N. Dulay, E. Lupu, and M. Sloman, The Ponder Policy Specification Language, POLICY '01: Proceedings of the International Workshop on Policies for Distributed Systems and Networks, pp.18-38, 2001.
DOI : 10.1007/3-540-44569-2_2

M. Backes, B. Pfitzmann, and M. Schunter, A Toolkit for Managing Enterprise Privacy Policies, Proc. of ESORICS03, pp.162-180, 2003.
DOI : 10.1007/978-3-540-39650-5_10
URL : http://www.infsec.cs.uni-sb.de/~backes/papers/toolkit-esorics03.pdf

C. Ribeiro, A. Zquete, P. Ferreira, and P. Guedes, Spl: An access control language for security policies with complex constraints, Proceedings of the Network and Distributed System Security Symposium, pp.89-107, 1999.

F. Baiardi, F. Martinelli, P. Mori, and A. Vaccarelli, Improving grid services security with fine grained policies, Proc. On the Move to Meaningful Internet Systems Workshop, pp.123-134, 2004.
DOI : 10.1007/978-3-540-30470-8_30

M. Hilty, A. Pretschner, D. Basin, C. Schaefer, and T. Walter, A Policy Language for Distributed Usage Control, 12th European Symposium on Research in Computer Security, pp.531-546, 2007.
DOI : 10.1007/978-3-540-74835-9_35
URL : http://www22.informatik.tu-muenchen.de/fileadmin/papers/esorics07.pdf

D. Povey, Optimistic security, Proceedings of the 1999 workshop on New security paradigms , NSPW '99, pp.40-45, 1999.
DOI : 10.1145/335169.335188

J. Brunel, F. Cuppens, N. Cuppens, T. Sans, and J. P. Bodeveix, Security policy compliance with violation management, Proceedings of the 2007 ACM workshop on Formal methods in security engineering , FMSE '07, pp.31-40, 2007.
DOI : 10.1145/1314436.1314441

K. Irwin, T. Yu, and W. H. Winsborough, Assigning Responsibility for Failed Obligations, IFIP Intl. Federation for Information Processing, vol.263, pp.327-342, 2008.
DOI : 10.1007/978-0-387-09428-1_21
URL : http://www.csc.ncsu.edu/faculty/yu/pubs/iTrust-08.pdf

K. Irwin, T. Yu, and W. H. Winsborough, On the modeling and analysis of obligations, Proceedings of the 13th ACM conference on Computer and communications security , CCS '06, pp.134-143, 2006.
DOI : 10.1145/1180405.1180423

J. Park and R. Sandhu, usage control model, ACM Transactions on Information and System Security, vol.7, issue.1, pp.128-174, 2004.
DOI : 10.1145/984334.984339

B. Katt, X. Zhang, R. Breu, M. Hafner, and J. P. Seifert, A general obligation model and continuity, Proceedings of the 13th ACM symposium on Access control models and technologies , SACMAT '08, pp.123-132, 2008.
DOI : 10.1145/1377836.1377856

A. Pretschner, F. Schütz, C. Schaefer, and T. Walter, Policy Evolution in Distributed Usage Control, 4th Intl. Workshop on Security and Trust Management, 2008.
DOI : 10.1016/j.entcs.2009.07.042
URL : https://doi.org/10.1016/j.entcs.2009.07.042

C. Forgy, A network match routine for production systems, Working paper, 1974.