An architecture for distributed OASIS services
IFIP/ACM International Conference on Distributed systems platforms
Understanding Web Services: XML, WSDL, SOAP, and UDDI
Understanding Web Services: XML, WSDL, SOAP, and UDDI
The XSL Companion
Professional Web Services Security
Professional Web Services Security
A uniform framework for regulating service access and information release on the web
Journal of Computer Security
Towards securing XML Web services
Proceedings of the 2002 ACM workshop on XML security
An access control framework for business processes for web services
Proceedings of the 2003 ACM workshop on XML security
An extended XACML model to ensure secure information access for web services
Journal of Systems and Software
A novel aspect-oriented BPEL framework for the dynamic enforcement of web services security
International Journal of Web and Grid Services
New XACML-AspectBPEL approach for composite web services security
International Journal of Web and Grid Services
XrML-RBLicensing approach adapted to the BPEL process of composite web services
Service Oriented Computing and Applications
Hi-index | 0.00 |
Web services represent a challenge and an opportunity for organizations wishing to expose product and services offerings through the Internet. The Web service technology provides an environment in which service providers and consumers can discover each other and conduct business transactions through the exchange of XML-based documents. However, any organization using XML and Web Services must ensure that only the right users, sending the appropriate XML content, can access their Web Services. Access control policy specification for controlling access to Web services is then becoming an emergent research area due to the rapid development of Web services in modern economy. This paper is an effort to understand the basic concepts for securing Web services and the requirements for implementing secure Web services. We describe the design and implementation of a Web service architecture for enforcing access control policies, the overall rationale and some specific choices of our design are discussed.