Role-Based Access Control Models
Computer
Managing security policies in a distributed environment using eXtensible markup language (XML)
Proceedings of the 2001 ACM symposium on Applied computing
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
A fine-grained access control system for XML documents
ACM Transactions on Information and System Security (TISSEC)
Machine Learning
Securing XML Documents with Author-X
IEEE Internet Computing
Design of a Role-Based Trust-Management Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
X-GTRBAC admin: a decentralized administration model for enterprise wide access control
Proceedings of the ninth ACM symposium on Access control models and technologies
Using trust and risk in role-based access control policies
Proceedings of the ninth ACM symposium on Access control models and technologies
A Generalized Temporal Role-Based Access Control Model
IEEE Transactions on Knowledge and Data Engineering
Context-based matching for Web service composition
Distributed and Parallel Databases
Framework for Web service query algebra and optimization
ACM Transactions on the Web (TWEB)
Trust-enhanced Security in Location-based Adaptive Authentication
Electronic Notes in Theoretical Computer Science (ENTCS)
MCSE: a multimedia context-based security engine
EDBT '08 Proceedings of the 11th international conference on Extending database technology: Advances in database technology
Context-aware systems: A literature review and classification
Expert Systems with Applications: An International Journal
Enforcing role based access control model with multimedia signatures
Journal of Systems Architecture: the EUROMICRO Journal
Working set-based access control for network file systems
Proceedings of the 14th ACM symposium on Access control models and technologies
Benefits of Location-Based Access Control: A Literature Study
GREENCOM-CPSCOM '10 Proceedings of the 2010 IEEE/ACM Int'l Conference on Green Computing and Communications & Int'l Conference on Cyber, Physical and Social Computing
Hecate, managing authorization with RESTful XML
Proceedings of the Second International Workshop on RESTful Design
Access policy compliance testing in a user centric trust service infrastructure
Proceedings of the International Workshop on Quality Assurance for Service-Based Applications
Conformance checking of dynamic access control policies
ICFEM'11 Proceedings of the 13th international conference on Formal methods and software engineering
Review: A framework for awareness maintenance
Journal of Network and Computer Applications
Security-aware web service composition approaches: state-of-the-art
Proceedings of the 13th International Conference on Information Integration and Web-based Applications and Services
A trust and context aware access control model for web services conversations
TrustBus'07 Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business
MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
Behavioral Attestation for Web Services Based Business Processes
International Journal of Web Services Research
Hi-index | 0.00 |
A key challenge in Web services security is the design of effective access control schemes that can adequately meet the unique security challenges posed by the Web services paradigm. Despite the recent advances in Web based access control approaches applicable to Web services, there remain issues that impede the development of effective access control models for Web services environment. Amongst them are the lack of context-aware models for access control, and reliance on identity or capability-based access control schemes. Additionally, the unique service access control features required in Web services technology are not captured in existing schemes. In this paper, we motivate the design of an access control scheme that addresses these issues, and propose an extended, trust-enhanced version of our XML-based Role Based Access Control (X-RBAC) framework that incorporates trust and context into access control. We outline the configuration mechanism needed to apply our model to the Web services environment, and provide a service access control specification. The paper presents an example service access policy composed using our framework, and also describes the implementation architecture for the system.