CIKM '95 Proceedings of the fourth international conference on Information and knowledge management
IEEE ADL '97 Proceedings of the IEEE international forum on Research and technology advances in digital libraries
Referee: trust management for Web applications
World Wide Web Journal - Special issue: Web security: a matter of trust
The role graph model and conflict of interest
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
An architecture for a secure service discovery service
MobiCom '99 Proceedings of the 5th annual ACM/IEEE international conference on Mobile computing and networking
Managing trust between collaborating companies using outsourced role based access control
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
Unraveling the Web Services Web: An Introduction to SOAP, WSDL, and UDDI
IEEE Internet Computing
Computer
EDOC '01 Proceedings of the 5th IEEE International Conference on Enterprise Distributed Object Computing
COMPSAC '98 Proceedings of the 22nd International Computer Software and Applications Conference
Authorization and Attribute Certificates for Widely Distributed Access Control
WETICE '98 Proceedings of the 7th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
KeyNote: Trust Management for Public-Key Infrastructures (Position Paper)
Proceedings of the 6th International Workshop on Security Protocols
Decentralized Trust Management
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Optimistic anonymous participation in inter-organizational workflow instances
ICISS'06 Proceedings of the Second international conference on Information Systems Security
| Hi-index | 0.00 |
The emerging Web service technology has enabled the development of Internet-based applications that integrate distributed and heterogeneous systems and processes which are owned by different organizations. Compared to centralized systems and client-server environments, the Web service environment is much more dynamic and security for such an environment poses unique challenges. For example, an organization (e.g., a service provider or a service broker) cannot predetermine the users of its resources and fix their access privileges. Also, service providers come and go. The users of services must have some assurances about the services and the organizations that provide the services. Thus, the enforcement of security constraints cannot be static and tightly coupled. The notion of trust agreement must be established to delegate the responsibility of certification of unknown users, services, and organizations. In this paper, we describe a Trust-based Security Model (TSM) that incorporate the traditional security concepts (e.g., roles, resources, operations) with new security concepts that are specific to the Web service environment. The security concepts of TSM are then applied to the general Web service model to include security considerations. Finally, an event-driven, rule-based approach to the enforcement of security in a Web service environment is described.