Designing a Distributed Access Control Processor for Network Services on the Web

Proceedings of the ACM Workshop on XML Security

Volumn , Issue , 2003, Pages 36-52

  Kraft, Reiner ^a  

^a IBM ALMADEN RESEARCH CENTER   (United States)

Author keywords

Access control; Security; Web services; XML

Indexed keywords

COMPUTER NETWORKS; DISTRIBUTED PARAMETER CONTROL SYSTEMS; INFORMATION SERVICES; SECURITY OF DATA; SEMANTICS; XML;

ACCESS CONTROLS;

WORLD WIDE WEB;

EID: 0141906346     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (51)

1. Kerberos: The network authentication protocol. http://web.mit.edu/kerberos/www/. last accessed: 3/7/2002.
2. R. Anderson. Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley Computer Publishing, 2001.
3. T. Berners-Lee, R. Fielding, and H. Frystyk. Hypertext transfer protocol - HTTP/1.0. Network Writing Group, Request for Comments, May 1996.
4. T. Berners-Lee, R. Fielding, and L. Masinter. Uniform Resource Identifiers (URI): Generic Syntax. http://www.faqs.org/rfcs/rfc2396.html, August 1998.
5. D. Box, D. Ehnebuske, G. Kakivaya, A. Layman, N. Mendelsohn, H. F. Nielsen, S. Thatte, and D. Winer. Simple Object Access Protocol (SOAP) 1.1. http://www.w3.org/TR/SOAP/, May 2000.
6. D. Brickley and R. Guha. Resource description framework (RDF) schema specification 1.0. http://www.w3.Org/TR/2000/CR-rdf-schema-20000327/.last accessed: 3/7/2002.
7. A. Brown, B. Fox, S. Hada, B. LaMacchia, and H. Maruyama. SOAP Security Extensions: Digital Signature. http://www.w3.org/TR/SOAP-dsig. last accessed: 3/5/2002.
8. L. Cardelli and R. Davies. Service combinators for web computing. IEEE Transactions on Software Engineering, 25(3):309-316, 1999.
9. A. Ceponkus, P. Furniss, and A. Green. Business Transaction Protocol, http://www.oasis-open.org /committees/business-transactions/draft_0.9.pdf, October 2001.
10. G. Clemm, A. Hopkins, E, Sedlar, and J. Whitehead. WebDAV Access Control Protocol. http://www.webdav.oig/acl/.
11. J R. Cover. AuthXML Standard for Web Security. http://xml.coverpages.org/authxml.html. last accessed: 3/7/2002.
12. R. Cover. Security Services Markup Language (S2ML). http://xml.coverpages.org/s2ml.html. last accessed: 3/7/2002.
13. E. Damiani, S. D. C. di Vimercati, S. Paraboschi, and P. Samarati. Design and implementation of an access control processor for XML documents. Computer Networks, 33(1-6):59-75, June 2000.
14. E. Damiani, S. D. C. di Vimercati, S. Paraboschi, and P. Samarati. Fine grained access control for soap e-services. WWW10, May 2001.
15. N. Doraswamy and D. Harkins. IPSEC: The new security standard for the Internet, intranets, and virtual private networks. Prentice Hall, 1999.
16. B. A. et al. Web Services Security Language (WS-Security) http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnglobspec/ html/ws-security,asp, January 2002.
17. R. Fielding, J. Gettys, J. Mogul, and H. Frystyk. Hypertext transfer protocol -HTTP/1.1. Network Writing Group, Request for Comments, (2068), January 1997.
18. J. Fontana. Top Web services worry: Security. Network World, http://www.nwfusion.com/news/2002/0121webservices.html?docid=7747, January 2002.
19. W. Ford, P. Hallam-Baker, B. Fox, B. Dillaway, B. LaMacchia, J. Epstein, and J. Lapp. XML Key Management Specification (XKMS). http://www.w3.org/TR/xkms/, March 2001.
20. M. N. framework. .NET framework homepage. http://msdn.microsoft.com/netframework/. last accessed: 3/7/2002.
21. O. M. Group, The CORBA security service specication. ftp://ftp.omg.org/pub/docs/ptc.
22. M. Gudgin, M. Hadley, J.-J. Moreau, and H. F. Nielsen. SOAP Version 1.2 Part 1: Messaging Framework. http://www.w3.org/TR/soap12-part1/, December 2001.
23. D. F. S. G. J. Barkley, A. Cincotta and D. Kuhn. Role-based access control for the World Wide Web. 20th National Computer Security Conference, 1997.
24. R. Khare and A. Rifkin. Weaving a Web of Trust. World Wide Web Journal, 2(3):77-112, summer 1997.
25. M. Kirtland. Authentication and Authorization. http://msdn.microsoft.com/library/default.asp? url=/library/enus/dn_voices_webservice/html/service02282001.asp.
26. R. Kraft. A model for network services on the web. The 3rd International Conference on Internet Computing (IC 2002), 3:536-541, June 2002.
27. R. Kraft. Research and design issues of access control for network services on the web. The 3rd International Conference on Internet Computing (IC 2002), 3:542-548, June 2002.
28. M. Kudo and S. Hada. XML document security based on provisional authorization. CCS'00, 2000. IBM Tokyo Research Laboratory.
29. F. Leymann. Web Services Flow Language (WSFL 1.0). http://www-4.ibm.com/software/solutions/webservices/pdf/WSFL.pdf, May 2001.
30. L. Lippert. WebDAV Access Control Goals (Internet Draft). http://www.webdav.org/acl/goals/draft-ietf-webdav-aclreqts-00.txt.
31. Microsoft Developer Network (MSDN). An Introduction to GXA: Global XML Web Services Architecture. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dngxa/html/ gloxralws500.asp, February 2002.
32. Microsoft Passport. Microsoft Passport homepage. http://passport.microsoft.com. last accessed: April 2002.
33. T. Modi. WSIL: Do we need another Web services specification? http://www.webservicesarchitect.com /content/articles/modi0l.asp, January 2002.
34. OASIS, eXtensible Access Control Markup Language (XACML). http://www.oasis-open.org/committees/xacml/index.shtml.
35. R. Oppliger. Methods of securing applications for the world wide web (WWW). Computer Security Journal, 15(1):1-9, Winter 1999.
36. Organization for the Advancement of Structured Information Standards (OASIS). OASIS homepage. http://www.oasis-open.org/.
37. SAML. Security Assertion Markup Language (SAML). http://www.oasis-open.org/committees/security/docs/draftsstc-saml-01.pdf. last accessed: April 2002.
38. R. Sandhu and P. Samarati. Access control: Principles and practice. IEEE Communications, pages 40-48, September 1994.
39. R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman. Role-based access control models. IEEE Computer, 20(2):38-47, 1996.
40. A. SOAP. Apache SOAP homepage. http://xml.apache.org/soap/. last accessed: 3/7/2002.
41. E. Stokes, B. Blakley, R. Byme, R. Huber, and D. Rinkevich. Access control model for LDAPv3. http://www.ietf.org/internet-drafts/draft-ietf-ldapext-aclmodel-08.txt.
42. O. L. Tim Berners-Lee, James Hendler. W3C Semantic Web - Web Site, http://www.w3.org/2001/sw/. last accessed: 6/3/2002.
43. UDDI. UDDI homepage. http://www.uddi.org/. last accessed: 3/5/2002.
44. W3C. Extensible markup language (XML). http://www.w3.org/XML/.
45. W3C. Platform for privacy preferences (P3P) project. http://www.w3.org/P3P/.
46. W3C. XML encryption WG. http://www.w3c.org/Encryption/2001/.
47. W3C. XML schema. http://www.w3.org/XML/Schema.
48. D. Wagner and B. Schneier. Analysis of the SSL 3.0 protocol. In Proceeding of 2nd USENIX Workshop on Electronic Commerce, November 1996.
49. J. Whitehead and Y. Y. Goland. WebDAV: A network protocol for remote collaborative authoring on the Web . 1999.
50. XML Signature WG. XML Digital Signatures. http://www.w3.org/Signature/. last accessed: 4/15/2002.
51. W. Yeong, T. Howes, and S. Kille. Lightweight directory access protocol. http://www.ietf.org/rfc/rfcl777.txt, 1995.