Role-Based Access Control Models
Computer
Role-based authorization constraints specification
ACM Transactions on Information and System Security (TISSEC)
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
Introduction: Service-oriented computing
Communications of the ACM - Service-oriented computing
A Role based Access Control for Web Services
SCC '04 Proceedings of the 2004 IEEE International Conference on Services Computing
Access control enforcement for conversation-based web services
Proceedings of the 15th international conference on World Wide Web
Access Control and Authorization Constraints for WS-BPEL
ICWS '06 Proceedings of the IEEE International Conference on Web Services
Verification of Access Control Requirements in Web Services Choreography
SCC '08 Proceedings of the 2008 IEEE International Conference on Services Computing - Volume 1
ICWS '08 Proceedings of the 2008 IEEE International Conference on Web Services
SOAC: A Conceptual Model for Managing Service-Oriented Authorization
SCC '10 Proceedings of the 2010 IEEE International Conference on Services Computing
SOAC engine: a system to manage composite web service authorization
WISE'11 Proceedings of the 12th international conference on Web information system engineering
Hi-index | 0.00 |
Web services can be composed of other services in a highly dynamic manner. The existing role based authorization approaches have not adequately taken component services into account when managing access control for composite services. In this paper, we propose a service oriented conceptual model as an extension of role based access control that can facilitate the administration and management of access for service consumers as well as component services in composite web services. Various types of conflict of interest are identified due to the complicated relationships among service consumers and component services. A set of authorization rules are developed to prevent the conflict of interest. This research is a step forward to addressing the challenge in authorization in the context of composite web services.