sult of a query. To this aim more advanced solutions
need to be coupled with Alfresco, without recurring
to ontologies and their supporting framework, as their
effectiveness is questionable and their usability has
a huge learning trend (Dur
´
an-Mu
˜
noz and Bautista-
Zambrana, 2017; Schulz et al., 2009).
Another aspect worth deepening may be how to
transfer such a system within the cloud, so that it
becomes accessible even in case of companies that
have multiple premises spanning around the world.
However, a change like that implies that the sensi-
tive company data may be stored outside the secu-
rity domain and control of the company, thus vulner-
able to possible leakage and misuses. To this aim,
it is crucial to protect its confidentiality and integrity
by means of proper cryptographic primitives (Singh
et al., 2016), without having to pay the cost of a re-
duced processing and retrieval capacity offered by the
system (Fu et al., 2016). Moreover, our security only
means allowing the management of the authentication
and authorization when interacting with the system,
but other security-related issues, such as protecting
the SOAP messages exchanging, detecting a possible
misbehaviour and managing the trust degree of the in-
teracting users, are not minor concerns and need to be
properly investigated. Last, JWT applies a very sim-
ple access control model, while more advanced and
dynamic models are available in the literature, such
as in (Esposito, 2018) and may be integrated within
the solution by extending what provided by JWT. This
may allow to achieve a more fine-grained control over
the access requests and to implement more resilient
solutions when companies encompasses multiple con-
sultants on specific projects.
5 CONCLUSIONS
The present work intended to provide some insights
as to the challenging and novel issue of storing and
managing all the documents that a civil engineering
company may produce in its life time when partic-
ipating to a project and/or responding to a call-for-
tender issues by a public administration. Our starting
point was represented by a content management sys-
tem tailored to this application domain built on top of
Alfresco, by implementing a set of RESTful web ser-
vices within the .NET framework. We have indicated
the possible research direction on improving the eas-
iness and expressiveness of the query language and
dealing with the key security demands in the system,
especially in the case of its cloudification. We be-
lieve that similar issues arise in other domains, from
the healthcare to the manufacturing industry, where
unstructured documents must be stored and queried.
Apart from the details of the properties described in
Section 3 and the repository structure in Figure 2, all
the design and relative implementation can be easily
adapter for other domains.
ACKNOWLEDGMENT
The described work has been partially supported by
the PROBIM research project, funded by the Italian
Ministry of Economic Development within the con-
text of Horizon 2020 - PON I&C 2014-20.
REFERENCES
Atkinson, B. et al. (2002). Web services security
(ws-security). specification. In Available at
https://www.it.iitb.ac.in/∼madhumita/research topics/
authentication/WS%20Security.pdf.
Barkley, J. (1997). Comparing simple role based access
control models and access control lists. In Proceed-
ings of the second ACM workshop on Role-based ac-
cess control.
C¸ etiner, O. (2010). A review of building information model-
ing tools from an architectural design perspective. in:
Handbook of research on building information model-
ing and construction informatics: Concepts and tech-
nologies. In IGI Global.
Dur
´
an-Mu
˜
noz, I. and Bautista-Zambrana, M. R. (2017).
Applying ontologies to terminology: Advantages and
disadvantages. In HERMES-Journal of Language and
Communication in Business, 26(51):65-77.
Eastman, C., Teicholz, P., Sacks, R., and Liston, K. (2018).
Bim handbook - a guide to building information mod-
eling for owners, managers, designers, engineers and
contractors. In John Wiley & Sons Inc, 3rd edition.
Esposito, C. (2018). Interoperable, dynamic and privacy-
preserving access control for cloud data storage when
integrating heterogeneous organizations. In Journal of
Network and Computer Applications, 108: 124-136.
EUR-Lex (2014). Directive 2014/24/eu of the euro-
pean parliament and of the council of 26 febru-
ary 2014 on public procurement and repealing di-
rective 2004/18/ec text with eea relevance. In D.
Available on line at https://eur-lex.europa.eu/legal-
content/EN/TXT/?uri=celex%3A32014L0024.
Fu, Z., Ren, K., Shu, J., Sun, X., and Huang, F. (2016). En-
abling personalized search over encrypted outsourced
data with efficiency improvement. IEEE Transactions
on Parallel and Distributed Systems, 27(9):2546–
2559.
Grabowski, R. (1999). Hpgl overview. In Available at
cstep.luberth.com.
Jones, M., Bradley, J., and Sakimura, N. (2015). Json
web token (jwt). no. rfc 7519. In Available at
https://jwt.io/.
ICEIS 2019 - 21st International Conference on Enterprise Information Systems
656