A Flexible Payment Scheme and Its Role-Based Access Control
IEEE Transactions on Knowledge and Data Engineering
Authorization algorithms for the mobility of user-role relationship
ACSC '05 Proceedings of the Twenty-eighth Australasian conference on Computer Science - Volume 38
Ubiquitous computing environments and its usage access control
InfoScale '06 Proceedings of the 1st international conference on Scalable information systems
A framework for role-based group deligation in distributed environments
ACSC '06 Proceedings of the 29th Australasian Computer Science Conference - Volume 48
Ticket-based mobile commerce system and its implementation
Proceedings of the 2nd ACM international workshop on Quality of service & security for wireless and mobile networks
Web services discovery based on schema matching
ACSC '07 Proceedings of the thirtieth Australasian conference on Computer science - Volume 62
Access control management for ubiquitous computing
Future Generation Computer Systems
Mobile services access and payment through reusable tickets
Computer Communications
A Generic Protocol for Controlling Access to Mobile Services
Proceedings of the 2005 conference on Applied Public Key Infrastructure: 4th International Workshop: IWAP 2005
Delegating revocations and authorizations in collaborative business environments
Information Systems Frontiers
WSXplorer: searching for desired web services
CAiSE'07 Proceedings of the 19th international conference on Advanced information systems engineering
Delegating revocations and authorizations
BPM'07 Proceedings of the 2007 international conference on Business process management
Provably secure integrated on/off-line electronic cash for flexible and efficient payment
IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews
A Provable Billing Protocol on the Current UMTS
Wireless Personal Communications: An International Journal
Independently verifiable decentralized role-based delegation
IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans
Towards secure XML document with usage control
APWeb'05 Proceedings of the 7th Asia-Pacific web conference on Web Technologies Research and Development
Role-Based delegation with negative authorization
APWeb'06 Proceedings of the 8th Asia-Pacific Web conference on Frontiers of WWW Research and Development
Secure and efficient information sharing in multi-university E-Learning environments
ICWL'07 Proceedings of the 6th international conference on Advances in web based learning
Protecting disseminative information in E-Learning
ICWL'07 Proceedings of the 6th international conference on Advances in web based learning
| Hi-index | 0.00 |
Web services via wireless technologies, mobile services (M-services), HTTP, and XML have become important for conducting business. W3C XML Protocol Working Group has been developing standard techniques such as Web Services Description Language (WSDL), simple object access protocol (SOAP), universal description discovery and integration (UDDI). However, at this stage, there is no standard technique for access control in M-services. This paper describes a secure and flexible access control scheme and protocol for M-services based on role based access control (RBAC). The access control architecture involves a Trusted Credential Center (TCC), a Trusted Authentication and Registration Center (TARC) and a secure ticket based mechanism for service access. Users and service providers register with the TARC and are authenticated. Based on this, tickets are issued by the TCC to users. Tickets carry authorization information needed for the requested services. In particular, we are able to specify access control polices based on roles. The protocols between the various entities in the model are protected using appropriate security mechanisms such as signatures which are used to verify correctness of the requested service, as well as to direct billing information to the appropriate user. Our architecture supports efficient authentication of users and service providers over different domains and provides a secure access model for services to users. Our model is also able to support anonymity of users. Only the TARC is able to identify misbehaving users. We believe that the proposed architecture forms a good basis for achieving a secure and flexible M-service system.