Business Processes for Web Services are the new paradigm for the lightweight integration of business from different enterprises.

Whereas the security and access control policies for basic web services and distributed systems are well studied and almost standardized, there is not yet a comprehensive proposal for an access control architecture for business processes. The major issue is that a business process describes complex services that cross organizational boundaries and are provided by entities that see each other as just partners and nothing else.

This calls for a number of differences with traditional aspects of access control architectures, such as:
• credential vs classical user-based access control,
• interactive and partner-based vs one-server-gathers-all requests of credentials from clients,
• controlled disclosure of information vs all-or-nothing access control decisions,
• abducing missing credentials for fulfilling requests vs deducing entailment of valid requests from credentials in formal models,
• "source-code" authorization processes vs data describing policies for communicating policies or for orchestrating the work of authorization servers.

Looking at the access control field, we find good approximations of most components but not their synthesis into one access control architecture for business processes for web services, which is the contribution of this paper.