Web services are vulnerable to various types of security attacks. This paper addresses one type of attack, in which applications try to access services for which they are not authorized. Existing access control models for web services lack support for global services. Because such services are WAN-based, access control needs to deal with various levels of web services, including the global level (for composite services) and the local level (for web servers). This paper proposes two access control models: SWS-RBAC (for single services) and CWS-RBAC (for global services). Instead of protecting the content of the service's parameters, these models protect the parameters themselves. The proposed approach introduces global roles, which are mapped to the local roles of other service providers. To maintain the autonomy of roles between providers, an efficient role-mapping mechanism is proposed.