Specification of access control and certification policies for semantic web services

Authors:
Sudhir Agarwal;Barbara Sprick
Affiliations:
Institute of Applied Informatics and Formal Description Methods (AIFB), University of Karlsruhe (TH), Germany;Department of Computer Science and Automation, Indian Institute of Science, Bangalore, India
Venue:
EC-Web'05 Proceedings of the 6th international conference on E-Commerce and Web Technologies
Year:
2005

Citing 4
Cited 5

An algebra for composing access control policies

ACM Transactions on Information and System Security (TISSEC)
DAML-S: Web Service Description for the Semantic Web

ISWC '02 Proceedings of the First International Semantic Web Conference on The Semantic Web
A Policy Language for a Pervasive Computing Environment

POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Access Control for Semantic Web Services

ICWS '04 Proceedings of the IEEE International Conference on Web Services

Automatic matchmaking of web services

Proceedings of the 15th international conference on World Wide Web
Towards a context-based multi-type policy approach for Web services composition

Data & Knowledge Engineering
On the reputation of communities of web services

NOTERE '08 Proceedings of the 8th international conference on New technologies in distributed systems
Editorial: Using OWL and SWRL to represent and reason with situation-based access control policies

Data & Knowledge Engineering
Usage policies for document compositions

ESWC'10 Proceedings of the 7th international conference on The Semantic Web: research and Applications - Volume Part II

Quantified Score

Hi-index	0.00

Visualization

Abstract

Web service providers specify access control policies to restrict access to their Web services. It turned out, that since the Web is an open, distributed and dynamic environment, in which a central controlling instance cannot be assumed, capability based access control is most suitable for this purpose. However, since practically every participant can certify capabilities defined in his/her own terminology, determining the semantics of certified capabilities and the trustworthiness of certification authorities are two major challenges in such a setting. In this paper, we show, (1) how certification authorities and their certification policies can be modeled semantically (2) how Web service providers can specify and check the consistency of their access control policies and (3) how end users can check automatically, whether they have access to a Web service.