An access control framework for web services-Reference-Cited by-同舟云学术

An access control framework for web services

Published:2005-02-01 Issue:1 Volume:13 Page:29-38
ISSN:0968-5227
Container-title:Information Management & Computer Security
language:en
Short-container-title:

Author:

Coetzee M.,Eloff J.H.P.

Abstract

PurposeTo define a framework for access control for virtual applications, enabled through web services technologies. The framework supports the loosely coupled manner in which web services are shared between partners.Design/methodology/approachA background discussion on relevant literature, with an example is used to illustrate the problem that exists. To enable access control composition, an extension is proposed to authorisation specification language, together with publication of access control requirements of a web service provider.FindingsThe framework shows that loosely coupled access control can be made possible by making use of the standard manner in which messages are communicated in XML, and by composing assertions with the access control policy of the provider in a consistent manner. Access to web service methods is only granted if permission can be derived for it, where the derivation step forms a formal proof.Research limitations/implicationsA basic framework has been defined. An architecture to support it must be defined. Only a very basic level of access control composition has been illustrated.Practical implicationsThe publication of access control requirements in standards such as WS‐Policy can be considered.Originality/valueThis paper offers a practical approach to address access control for web services.

Publisher

Emerald

Subject

Library and Information Sciences,Management Science and Operations Research,Business and International Management,Management Information Systems

Reference22 articles.

1. Anderson, A., Anderson, S., Adams, C., Beznosov, K., Brose, G. and Crocker, S. et al. (2003), Extensible Access Control Markup Language (XACML) 1.0 Specification, available at: www.oasis‐open.org/committees/tc_home.php?wg_abbrev=xacml.

2. Anderson, S., Bohren, J., Boubez, T., Chanliau, M., Della‐Libera, G. and Dixon, B. et al. (2004), Web Services Trust Language (WS‐Trust), available at: www.ibm.com/developerworks/library/ws‐trust/index.html.

3. Atkinson, A., Bellwood, T., Cahuzac, M., Clément, L., Colgrave, J. and Corda, U. et al. (2003), UDDI Version 3.0.1, available at: http://uddi.org/pubs/uddi‐v3.0.1‐20031014.htm.

4. Atkinson, B., Della‐Libera, G., Hada, S., Hondo, M., Hallam‐Baker, P. and Kaler, C. et al. (2002), Web Services Security (WS‐Security) Version 1.0, available at: www.verisign.com/wss/wss.pdf (accessed 5 April).

5. Bartel, M., Boyer, J., Eastlake, D., Fox, B., LaMacchia, B., Simon, E. and Solo, D. (2002), XML Signature, available at: www.w3.org/TR/2002/REC‐xmldsig‐core‐20020212/.

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Incremental risks in Web 2.0 applications;The Electronic Library;2010-04-13