Role-Based Access Control Models
Computer
XML document security based on provisional authorization
Proceedings of the 7th ACM conference on Computer and communications security
A fine-grained access control system for XML documents
ACM Transactions on Information and System Security (TISSEC)
Securing XML Documents with Author-X
IEEE Internet Computing
XML-Based Distributed Access Control System
EC-WEB '02 Proceedings of the Third International Conference on E-Commerce and Web Technologies
RBAC Policies in XML for X.509 Based Privilege Management
SEC '02 Proceedings of the IFIP TC11 17th International Conference on Information Security: Visions and Perspectives
Secure Content Distribution for Digital Libraries
ICADL '02 Proceedings of the 5th International Conference on Asian Digital Libraries: Digital Libraries: People, Knowledge, and Technology
Access Control Infrastructure for Digital Objects
ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
Integrating PMI services in CORBA applications
Computer Standards & Interfaces - CORBA: protocols, applications, process models and standards
Certificate-based access control for widely distributed resources
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Privacy-preserving semantic interoperation and access control of heterogeneous databases
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Semantic access control for information interoperation
Proceedings of the eleventh ACM symposium on Access control models and technologies
On the design, implementation and application of an authorisation architecture for web services
International Journal of Information and Computer Security
An authorization architecture for web services
DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
| Hi-index | 0.00 |
One of the most important features of XML Web services is that they can be easily accessed over the Internet, but this makes them vulnerable to a series of security threats. What makes security for web services so challenging is their distributed and heterogeneous nature. In this sense, this paper presents an access control system for Web services. We introduce the Semantic Policy Language(SPL) for the description of access control criteria based on the use of attribute certificates. This language has been specifically designed to take advantage of semantic information about resources and the context to achieve full (syntactic and semantic) validation of policies. Furthermore, another objective in its design has been to facilitate the security management. In particular, SPL is modular, enables the abstraction and reuse of components, the composition of SPL policies in an unambiguous way, and the dynamic instantiation of parameters based on semantic properties about resources. Finally, the semantic integration of a Privilege Management Infrastructure (PMI) in access control systems of heterogeneous Web services built upon SPL enables their interoperability.