Affiliation:
1. University of Trento
2. SAPIENZA Università di Roma
3. Qatar Computing Research Institute, Qatar Foundation
4. Purdue University
Abstract
With organizations increasingly depending on Web services to build complex applications, security and privacy concerns including the protection of access control policies are becoming a serious issue. Ideally, service providers would like to make sure that clients have knowledge of only portions of the access control policy relevant to their interactions to the extent to which they are entrusted by the Web service and without restricting the client’s choices in terms of which operations to execute. We propose ACConv, a novel model for access control in Web services that is suitable when interactions between the client and the Web service are conversational and long-running. The conversation-based access control model proposed in this article allows service providers to limit how much knowledge clients have about the credentials specified in their access policies. This is achieved while reducing the number of times credentials are asked from clients and minimizing the risk that clients drop out of a conversation with the Web service before reaching a final state due to the lack of necessary credentials. Clients are requested to provide credentials, and hence are entrusted with part of the Web service access control policies, only for some specific granted conversations which are decided based on: (1) a level of trust that the Web service provider has vis-à-vis the client, (2) the operation that the client is about to invoke, and (3) meaningful conversations which represent conversations that lead to a final state from the current one. We have implemented the proposed approach in a software prototype and conducted extensive experiments to show its effectiveness.
Funder
Division of Information and Intelligent Systems
Sapienza Università di Roma
Air Force Office of Scientific Research
Seventh Framework Programme
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Networks and Communications
References: 32 articles.
Cited by
12 articles.