RBAC on the Web by smart certificates
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Challenges of Adopting Web Services: Experiences from the Financial Industry
HICSS '05 Proceedings of the Proceedings of the 38th Annual Hawaii International Conference on System Sciences - Volume 07
Composition and evaluation of trustworthy Web Services
BSN '05 Proceedings of the IEEE EEE05 international workshop on Business services networks
An enhanced architecture for mobile retailing
Mobility '06 Proceedings of the 3rd international conference on Mobile technology, applications & systems
MobiPass: a passport for mobile business
Personal and Ubiquitous Computing
| Hi-index | 0.00 |
Security issues are one of the major deterrents to Web Services adoption in mission critical applications and to the realization of the dynamic e- Business vision of Service Oriented Computing. Role Based Access Control (RBAC) is a common approach for authorization as it greatly simplifies complex authorization procedures in enterprise information systems. However, as most RBAC implementations rely on the manual setup of pre-defined user-ID and password combinations to identify the particular user, this makes it very hard to conduct dynamic e-Business as the service requestor and service provider must have prior knowledge of each other before the transaction. This paper proposes a new Web Services security architecture which unifies the authorization and authentication processes by extending current digital certificate technologies. It enables secure Web Service authorization decisions between parties even if previously unknown to each other and it also enhances the trustworthiness of service discovery.