Propagation of data protection requirements in multi-stakeholder web services systems
WISE'10 Proceedings of the 11th international conference on Web information systems engineering
Security-aware web service composition approaches: state-of-the-art
Proceedings of the 13th International Conference on Information Integration and Web-based Applications and Services
Lightweight information flow control for web services
PPAM'11 Proceedings of the 9th international conference on Parallel Processing and Applied Mathematics - Volume Part II
Reliable Web service selection in choreographed environments
Decision Support Systems
Journal of Database Management
Fine-grained access control for cloud computing
International Journal of Grid and Utility Computing
Hi-index | 0.00 |
Existing web service access control models focus on individual web services, and do not consider service composition. In composite services, a major issue is information flow control. Critical information may flow from one service to another in a service chain through requests and responses and there is no mechanism for verifying that the flow complies with the access control policies. In this paper, we propose an innovative access control model to empower the services in a service chain to control the flow of their sensitive information. Our model supports information flow control through a back-check procedure and pass-on certificates. We also introduce additional factors such as the carry-along policy, security class, and transformation factor, to improve the protocol efficiency. A formal analysis is also presented to show the power and complexity of our protocol.