An effective access control approach to support web service security
Proceedings of the 11th International Conference on Information Integration and Web-based Applications & Services
| Hi-index | 0.00 |
Web service is a programmable interface accessible through a network. In this paper we focus on the scenario in which different organizations use web services to collaborate, share knowledge, integrate services and for providing value added services to customers. As a test case, we consider health care application in which different hospitals can give various types of services to other hospitals. We find Attribute Based Access Control (ABAC) model to be quite suitable for access control in web services. However, there is a need to enforce user's security policy to decide only which attributes should be disclosed so that users can reveal their attributes to service providers according to their need. We extend the ABAC model with user attribute disclosure restriction and propose a framework for defining and applying security policies.