From conflict of interest to separation of duties in WS-policy for web services matchmaking process

Proceedings of the Hawaii International Conference on System Sciences

Volumn 37, Issue , 2004, Pages 1061-1070

  Hung, Patrick C K ^a  

^a CSIRO   (Australia)

Author keywords

Conflict of interest; Delegation; Matchmaking; Security assertion; Separation of duties; Service locator; Web services; WS Policy; WS PolicyAttachment

Indexed keywords

COMPUTER ARCHITECTURE; COMPUTER PROGRAMMING LANGUAGES; INFORMATION ANALYSIS; LOGIC PROGRAMMING; NETWORK PROTOCOLS; OBJECT ORIENTED PROGRAMMING; SOCIETIES AND INSTITUTIONS; SOFTWARE PROTOTYPING; VIRTUAL REALITY; XML;

CONFLICT OF INTEREST; DELEGATION; MATCHMAKING; SECURITY ASSERTION; SEPARATION OF DUTIES; SERVICE LOCATOR; WEB SERVICES; WS-POLICY; WS-POLICY ATTACHMENT;

WORLD WIDE WEB;

EID: 12344279972     PISSN: 10603425     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/hicss.2004.1265212     Document Type: Conference Paper

References (29)

1. David F. C. Brewer, and Michael J. Nash, "Chinese Wall Security Policy," Proceedings of the Symposium on Security and Privacy, 1989, pp. 206-214.
2. Contentguard, "eXtensible rights Markup Language (XrML)," Version 2.0, 2001.
3. J. Fontana, "Top Web Services Worry: Security," NetworkWorldFusion, January 2002.
4. B. Hofreiter, C. Huemer, and W. Klas, "ebXML: Status, Research Issues, and Obstacles," Proceedings of Twelfth International Workshop on Research Issues in Data Engineering: Engineering E-Commerce/E-Business Systems, 2002, pp. 7-16.
5. P. Holland, "Building Web Services From Existing Application," eAI Journal, September 2002, pp. 45-47.
6. Maryann Hondo, Nataraj Nagaratnam, and Anthony Nadalin, "Securing Web Services," IBM Systems Journal, vol. 41, no. 2, 2002, pp. 228-241.
7. Patrick C. K. Hung, "Specifying Conflict of Interest in Web Services Endpoint Language (WSEL)," ACM SIGecom Exchanges, vol. 3.3, 2002, pp. 1-8.
8. IBM Corporation, "Business Process Execution Language for Web Services (BPEL4WS)," Version 1.0, 2002.
9. IBM Corporation, "Web Services Transaction (WS-Transaction)," 2002.
10. IBM Corporation, "Web Services Coordination (WS-Coordination)," 2002.
11. IBM Corporation, "Security in a Web Services World: A Proposed Architecture and Roadmap," White Paper, Version 1.0, 2002.
12. F. Leymann, "Web Services Flow Language (WSFL 1.0)," IBM Corporation, 2001.
13. Netegrity, "JSAML Toolkit: Netegrity's Java Implementation of the Security Assertions Markup Language (SAML) Specification," White Paper, 2001.
14. OASIS, "SAML 1.0 Specification Set: Committee Specifications," 2002.
15. OASIS, "OASIS eXtensible Access Control Markup Language (XACML)," OASIS Standard 1.0, 2002.
16. P. Ratnasingam, "The Importance of Technology Trust in Web Services Security," Information Management & Computer Security, vol. 10, no. 5, 2002, pp. 255-260.
17. Sun Microsystems, "Web Service Choreography Interface (WSCI)," Version 1.0, 2002.
18. S. Thatte, "XLANG - Web Services for Business Process Design," Microsoft Corporation, 2001.
19. UDDI Organization, "UDDI Specification," Version 3.0, Published Specification, 2002.
20. World Wide Web Consortium (W3C). Online: www.w3c.org
21. Matunda Nyanchama and Sylvia Osborn, "The Role Graph Model and Conflict of Interest," ACM Transactions on Information and System Security, vol. 2, no. 1, 1999, pp. 3-33.
22. Gail-Joon Ahn and Ravi Sandhu, "The RSL99 Language for Role-based Separation of Duty Constraints," Proceedings of the ACM Workshop on Role-Based Access Control, 1999, pp. 43-54.
23. Richard T. Simon and Mary Ellen Zurko, "Separation of Duty in Role-based Environments," Proceedings of the 10th Computer Security Foundations Workshop, 1997, pp. 183-194.
24. Michael J. Nash and Keith R. Poland, "Some Conundrums Concerning Separation of Duty," Proceedings of the 1990 IEEE Computer Society Symposium on Research in Security and Privacy, 1990, pp. 201-207.
25. D. Richard Kühn, "Mutual Exclusion of Roles as a Means of Implementing Separation of Duty in Role-based Access Control Systems," Proceedings of the Second ACM Workshop on Role-based Access Control, 1997, pp. 23-30.
26. Virgil D. Gligor, Serban I. Gavrila and David Ferraiolo, "On the Formal Definition of Separation-of-duty Policies and Their Composition," Proceedings of 1998 IEEE Symposium on Security and Privacy, 1998, pp. 172-183.
27. Patrick C. K. Hung, Kamalakar Karlapalem and James Gray III, "Least Privilege Security in CapBasED-AMS," The International Journal of Cooperative Information Systems, vol. 8, no. 2 & 3, 1999, pp. 139-168.
28. David D. Clark and David R. Wilson, "A Comparison of Commercial and Military Computer Security Policies," Proceedings of 1987 IEEE Symposium on Security and Privacy, 1987, pp. 184-194.
29. Liang-Jie Zhang and Tian Chao, "Business Explorer for Web Services (BE4WS)," IBM AlphaWorks, 2001. Online: www.alphaworks.ibm.com/tech/be4ws