On the design, implementation and application of an authorisation architecture for web services

Authors:
Sarath Indrakanti;Vijay Varadharajan;Ritesh Agarwal
Affiliations:
Information and Networked Systems Security Research, Department of Computing, Macquarie University, Sydney, NSW 2109, Australia.;Information and Networked Systems Security Research, Department of Computing, Macquarie University, Sydney, NSW 2109, Australia.;Information and Networked Systems Security Research, Department of Computing, Macquarie University, Sydney, NSW 2109, Australia
Venue:
International Journal of Information and Computer Security
Year:
2007

Citing 15
Cited 0

A calculus for access control in distributed systems

ACM Transactions on Programming Languages and Systems (TOPLAS)
Role-Based Access Control Models

Computer
An access control model supporting periodicity constraints and temporal reasoning

ACM Transactions on Database Systems (TODS)
XML document security based on provisional authorization

Proceedings of the 7th ACM conference on Computer and communications security
ACM SIGAda Ada Letters

ACM SIGAda Ada Letters
Toward open, secure, widely distributed services

Communications of the ACM - Adaptive middleware
Access Control: Policies, Models, and Mechanisms

FOSAD '00 Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures
DAML-S: Web Service Description for the Semantic Web

ISWC '02 Proceedings of the First International Semantic Web Conference on The Semantic Web
Designing a distributed access control processor for network services on the Web

Proceedings of the 2002 ACM workshop on XML security
Authorization in Enterprise-Wide Distributed System: A Practical Design and Application

ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
Certificate-based authorization policy in a PKI environment

ACM Transactions on Information and System Security (TISSEC)
Web Service Authorization Framework

ICWS '04 Proceedings of the IEEE International Conference on Web Services
Access Control for Semantic Web Services

ICWS '04 Proceedings of the IEEE International Conference on Web Services
Certificate-based access control for widely distributed resources

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
A semantic approach for access control in web services

EuroWeb'02 Proceedings of the 2002 international conference on EuroWeb

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper proposes an authorisation architecture for web services. It describes the architectural framework, the administration and runtime aspects of our architecture and its components for secure authorisation of web services as well as the support for the management of authorisation information. The paper then describes the implementation aspects of the architecture. The architecture has been implemented and integrated within the.NET framework. The authorisation architecture for web services is demonstrated using a case study in the healthcare domain. The proposed architecture has several benefits. First and foremost, the architecture supports multiple access control models and mechanisms; it supports legacy applications exposed as web services as well as new web service-based applications built to leverage the benefits offered by the Service-Oriented Architecture; it is decentralised and distributed and provides flexible management and administration of web services and related authorisation information. The proposed architecture can be integrated into existing middleware platforms to provide enhanced security to web services deployed on those platforms.