A Fine-Grained Access Control Model for Web Services
SCC '04 Proceedings of the 2004 IEEE International Conference on Services Computing
On the Facilitation of Fine-Grained Access to Distributed Healthcare Data
SDM '08 Proceedings of the 5th VLDB workshop on Secure Data Management
Computer Networks: The International Journal of Computer and Telecommunications Networking
Implementing process views in the web service environment
World Wide Web
Executing SQL queries over encrypted character strings in the Database-As-Service model
Knowledge-Based Systems
Hi-index | 0.00 |
The emerging Web service technology has enabled the development of Internet-based applications that integrate distributed and heterogeneous systems and processes which are owned by different organizations. However, while Web services are rapidly becoming a fundamental paradigm for the development of complex Web applications, several security issues still need to be addressed. Among the various open issues concerning security, an important issue is represented by the development of suitable access control models, able to restrict access to Web services to authorized users. In this paper we present an innovative access control model for Web services. The model is characterized by a number of key features, including identity attributes and service negotiation capabilities. We formally define the protocol for carrying on negotiations, by specifying the types of message to be exchanged and their contents, based on which requestor and provider can reach an agreement about security requirements and services. We also discuss the architecture of the prototype we are currently implementing. As part of the architecture we propose a mechanism for mapping our policies onto the WS-Policy standard which provides a standardized grammar for expressing Web services policies.