Authorization-Based Access Control for the Services Oriented Architecture

Authors:
Alan H. Karp
Affiliations:
Hewlett-Packard Laboratories
Venue:
C5 '06 Proceedings of the Fourth International Conference on Creating, Connecting and Collaborating through Computing
Year:
2006

Citing 0
Cited 3

Access control for the services oriented architecture

Proceedings of the 2007 ACM workshop on Secure web services
Policy control management for web services

IM'09 Proceedings of the 11th IFIP/IEEE international conference on Symposium on Integrated Network Management
Managing access control for things: a capability based approach

Proceedings of the 7th International Conference on Body Area Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

Several attempts at using the Services Oriented Architecture have failed to achieve their goals of scalability, security, and manageability. These systems, which base access decisions on the identity of the requester, have been found to be inflexible, don't scale well, and are difficult to use and to upgrade. This paper shows that identity-based access control is a key contributor to these failures and proposes another way to approach the problem. Basing access control decisions on authorizations presented explicitly by the requester leads to a more securable and more robust architecture.