An architecture for distributed OASIS services
IFIP/ACM International Conference on Distributed systems platforms
Access control mechanisms for inter-organizational workflow
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
TRBAC: A temporal role-based access control model
ACM Transactions on Information and System Security (TISSEC)
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
Models for coalition-based access control (CBAC)
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects
BPEL4RBAC: An Authorisation Specification for WS-BPEL
WISE '08 Proceedings of the 9th international conference on Web Information Systems Engineering
Authorization Policy Based Business Collaboration Reliability Verification
ICSOC '08 Proceedings of the 6th International Conference on Service-Oriented Computing
A Verification Mechanism for Secured Message Processing in Business Collaboration
APWeb/WAIM '09 Proceedings of the Joint International Conferences on Advances in Data and Web Management
Authorization control in collaborative healthcare systems
Journal of Theoretical and Applied Electronic Commerce Research
A service-centric approach to a parameterized RBAC service
ACOS'06 Proceedings of the 5th WSEAS international conference on Applied computer science
| Hi-index | 0.00 |
Business process describes a set of services that span enterprise boundaries and are provided by enterprises that see each other as partners. Web services is widely accepted and adopted to construct business process. Web services are built in exposed environment and open to security threats. When a web service contained in a business process is authorized to illegal users, it will cause economic loss of the service provider. Although there exist some standards for security of Web services and access control for services in distributed systems are well studied, there is a lack of comprehensive approach in access control for web services, especially in business process. In this paper, an extended RBAC model, called WS-RBAC, is proposed to secure web services in business process. The model takes web services in business process as protected objects and extends the classical RBAC model. Next, The software architecture of WS-RABC is presented. This paper also presents how to specify business process in the model and the authorization constraints of WS-RBAC based on WS-Policy.