An extended RBAC model for web services in business process

Proceedings of the IEEE International Conference on E-Commerce Technology for Dynamic E-Business, CEC-East 2004

Volumn , Issue , 2004, Pages 100-107

  Liu, Peng ^a   Chen, Zhong ^a  

^a PEKING UNIVERSITY   (China)

Author keywords

[No Author keywords available]

Indexed keywords

BUSINESS PROCESS; INFORMATION SYSTEMS; PARTNER-SPECIFIC SECURITY INFRASTRUCTURE; WEB SERVICES;

COSTS; DECISION MAKING; INDUSTRIAL ECONOMICS; INDUSTRY; PROCESS CONTROL; PRODUCT DEVELOPMENT; SECURITY OF DATA; SOCIETIES AND INSTITUTIONS; XML;

WORLD WIDE WEB;

EID: 14244258227     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1002/0471648272.ch7     Document Type: Conference Paper

References (29)

1. SOAP Version 1.2 Part 0: Primer. http://www.w3.org/TR/2003/REC-soap12- part0-0030624/.
2. SOAP Version 1.2 Part 1: messaging framework. http://www.w3.org/TR/2003/ REC-soap12-part1-0030624/.
3. SOAP Version 1.2 Part 2: Adjuncts. http://www.w3.org/TR/2003/REC-soap12- part2-0030624/.
4. Web Services Description Language (WSDL) Version 1.2, http://www.w3.org/TR/2002/WD-wsdl12-20020709.
5. UDDI Version 3.0, http://uddi.org/pubs/uddi-v3.00-published-20020719.htm.
6. P. Ratnasingam, The Importance of Technology Trust in Web Services Security, Information Management & Computer Security, vol. 10, no. 5, 2002, pp. 255-260.
7. Woo, T. Y. C., and Lam, S. Designing a distributed authorization service. Proc. of Seventeenth Annual Joint Conference of the IEEE Computer and Communications Societies, vol. 2,IEEE Press, 1998, pp. 419-429.
8. Johnston, W., Mudumbai, S., and Thompson, M. Authorization and attribute certificates for widely distributed access control. Proc. of Seventh IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, IEEE Press, 1998, pp. 340-345.
9. Beznosov, K., Deng, Y., Blakley, B., Burt, C., and Barkley, J. A resource access decision service for CORBA-based distributed systems. Proc. of 15th IEEE Annual Computer Security Applications Conference. IEEE Press, 1999, pp. 310-319.
10. Zurko, M., Simon, R., and Sanfilippo, T. A user-centered, modular authorization service built on an RBAC foundation. Proc. of the IEEE Symposium on Security and Privacy. IEEE Press, 1999, pp. 57-71.
11. Hine, J. A., Yao, W., Bacon, J., and Moody, K. An architecture for distributed OASIS services. IFIP/ACM International Conference on Distributed systems platforms. Springer-Verlag New York, Inc., 2000, pp. 104-120.
12. David F. Ferraiolo, Ravi Sandhu, Serban Gavrila, D. Richard Kuhn, and Ramaswamy Chandramoult. Proposed NIST Standard for Role-Based Access Control. ACM Transactions on Information and System Security, Vol. 4, No. 3, August 2001, pp. 224-274.
13. S. Thatte. XLANG - Web Services for Business Process Design. Microsoft, 2001.
14. F. Leymann. Web Services Flow Language (WSFL 1.0). IBM Corporation, 2001.
15. F. Curbera, Y. Goland, J. Klein, et al. Business Process Execution Language for Web Services (BPEL4WS). Microsoft, IBM etc, Version 1.0, 2002.
16. F. Cabrera, G. Copeland, B. Cox, et al. Web Services Transaction (WS-Transaction). Microsoft, IBM etc, 2002.
17. F. Cabrera, G. Copeland, T. Freund, et al. Web Services Coordination (WS-Coordination). Microsoft, IBM etc, 2002.
18. Microsoft, IBM. Security in a Web Services World: A Proposed Architecture and Roadmap. 2002.
19. OASIS. SAML 1.1. http://www.oasis-open.org/committees/download.php/3406/ oasis-sstc-saml-core-1.1.pdf. 2003.
20. OASIS. XACML 1.0. http://www.oasis-open.org/committees/download.php/2406/ oasis-xacml-1.0.pdf. 2003.
21. R. Thomas and R. Sandhu. Task-based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-oriented Authorization Management. Database Security XI: Status and Prospects, Chapman & Hall 1998.
22. E. Bernito, P. Andrea Bonatti, and E. Ferrari. TRBAC: A Temporal Role-Based Access Control Model. ACM Transactions on Information and System Security, Vol. 4, No. 3, August 2001, pp. 191-223.
23. E. Cohen, R. K. Thomas, W. Winsborough and D. Shands. Models for Coalition-based Access Control (CBAC). Seventh ACM Symposium on Access Control Models and Technologies. 2002, Monterey, California, USA.
24. M. H. Kang, J. S. Park and J. N. Froscher. Access control mechanisms for inter-organizational workflow. Proc. of the 6th ACM Symposium on Access Control Models and Technologies, Virginia, 2001, pp. 66-74.
25. G.-J. Ahn and R. Sandhu. Role-Based Authorization Constraints Specification. ACM Transactions on information and System Security, Vol. 3, No. 4, November, 2000, pp. 207-226.
26. M. Bartel, et al. XML-Signature Syntax and Processing. W3C, IETF, February 2002. http://www.w3.org/TR/xmldsigcore/.
27. T. Imamura, B. Dillaway, and E. Simon. XML-Encryption Syntax and Processing. W3C, December 2002. http://www.w3.org/TR/xmlenc-core/.
28. D. Box, F. Cabrera, M. Hondo, et al. Web Services Policy Framework (WS-Policy). Microsoft, IBM etc, 2003.
29. D. Box, F. Cabrera, M. Hondo, et al. Web Services Policy Attachment (WS-PolicyAttachment). Microsoft, IBM etc, 2003.