Protecting privacy using the decentralized label model
ACM Transactions on Software Engineering and Methodology (TOSEM)
TRBAC: A temporal role-based access control model
ACM Transactions on Information and System Security (TISSEC)
An access control language for web services
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
ACM Transactions on Information and System Security (TISSEC)
Information Flow Control in Object-Oriented Systems
IEEE Transactions on Knowledge and Data Engineering
An access control framework for business processes for web services
Proceedings of the 2003 ACM workshop on XML security
Embedding role-based access control model in object-oriented systems to protect privacy
Journal of Systems and Software
Trust-serv: model-driven lifecycle management of trust negotiation policies for web services
Proceedings of the 13th international conference on World Wide Web
A Trust-based Context-Aware Access Control Model for Web-Services
ICWS '04 Proceedings of the IEEE International Conference on Web Services
A Role based Access Control for Web Services
SCC '04 Proceedings of the 2004 IEEE International Conference on Services Computing
ACM Transactions on Information and System Security (TISSEC)
Access control enforcement for conversation-based web services
Proceedings of the 15th international conference on World Wide Web
Managing role relationships in an information flow control model
Journal of Systems and Software
An Attribute-Based Access Control Model for Web Services
PDCAT '06 Proceedings of the Seventh International Conference on Parallel and Distributed Computing, Applications and Technologies
A Web Service Architecture for Enforcing Access Control Policies
Electronic Notes in Theoretical Computer Science (ENTCS)
Protocol engineering for web services conversations
Engineering Applications of Artificial Intelligence
Interactive credential negotiation for stateful business processes
iTrust'05 Proceedings of the Third international conference on Trust Management
Privacy preserving event driven integration for interoperating social and health systems
SDM'10 Proceedings of the 7th VLDB conference on Secure data management
Hi-index | 0.00 |
More and more software systems based on web services have been developed. Web service development techniques are thus becoming crucial. To ensure secure information access, access control should be taken into consideration when developing web services. This paper proposes an extended XACML model named EXACML to ensure secure information access for web services. It is based on the technique of information flow control. Primary features offered by the model are: (1) both the information of requesters and that of web services are protected, (2) the access control of web services is more precise than just ''allow or reject'' policy in existing models, and (3) the model will deny non-secure information access during the execution of a web service even when a requester is allowed to invoke the web service.