An access control model for Web services in business process

Proceedings - IEEE/WIC/ACM International Conference on Web Intelligence, WI 2004

Volumn , Issue , 2004, Pages 292-298

  Liu, Peng ^a   Chen, Zhong ^a  

^a PEKING UNIVERSITY   (China)

Author keywords

[No Author keywords available]

Indexed keywords

CONSTRAINT THEORY; DISTRIBUTED COMPUTER SYSTEMS; ELECTRONIC COMMERCE; PUBLIC POLICY; SECURITY OF DATA; SOFTWARE PROTOTYPING; XML;

AUTHORIZATION; BUSINESS PROCESSES; RBAC MODEL; WEB SERVICES;

WORLD WIDE WEB;

EID: 15544387289     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (24)

1. SOAP Specifications. http://www.w3.org/TR/soap/.
2. Web Services Description Language (WSDL) Version 1.2. http://www.w3.org/TR/2002/WD-wsdl12-20020709.
3. UDDI Version 3.0. http://uddi.org/pubs/uddi-v3.00-published-20020719.htm.
4. P. Ratnasingam. The Importance of Technology Trust in Web Services Security. Information Management & Computer Security, vol. 10, no. 5, 2002, pp. 255-260.
5. Woo, T. Y. C., and Lam, S. Designing a distributed authorization service. Proc. of Seventeenth Annual Joint Conference of the IEEE Computer and Communications Societies, vol. 2,IEEE Press, 1998, pp. 419-429.
6. Zurko, M., Simon, R., and Sanfilippo, T. A user-centered, modular authorization service built on an RBAC foundation. Proc. of the IEEE Symposium on Security and Privacy. IEEE Press, 1999, pp. 57-71.
7. Hine, J. A., Yao, W., Bacon, J., and Moody, K. An architecture for distributed OASIS services. IFIP/ACM International Conference on Distributed systems platforms. Springer-Verlag New York, Inc., 2000, pp. 104-120.
8. David F. Ferraiolo, Ravi Sandhu, Serban Gavrila, D. Richard Kuhn, and Ramaswamy Chandramoult. Proposed NIST Standard for Role-Based Access Control. ACM Transactions on Information and System Security, Vol. 4, No. 3, August 2001, pp. 224-274.
9. S. Thatte. XLANG - Web Services for Business Process Design. Microsoft, 2001.
10. F. Leymann. Web Services Flow Language (WSFL 1.0). IBM Corporation, 2001.
11. F. Curbera, Y. Goland, J. Klein, et al. Business Process Execution Language for Web Services (BPEL4WS). Microsoft, IBM etc, Version 1.0, 2002.
12. F. Cabrera, G. Copeland, B. Cox, et al. Web Services Transaction (WS-Transaction). Microsoft, IBM etc, 2002.
13. F. Cabrera, G. Copeland, T. Freund, et al. Web Services Coordination (WS-Coordination). Microsoft, IBM etc, 2002.
14. Microsoft, IBM. Security in a Web Services World: A Proposed Architecture and Roadmap. 2002.
15. OASIS. SAML 1.1. http://www.oasis-open.org/committees/download.php/3406/ oasis-sstc-saml-core-1.1.pdf.2003.
16. OASIS. XACML 1.0. http://www.oasis-open.org/committees/download.php/2406/ oasis-xacml-1.0.pdf.2003.
17. R. Thomas and R. Sandhu. Task-based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-oriented Authorization Management. Database Security XI: Status and Prospects, Chapman & Hall 1998.
18. E. Bernito, P. Andrea Bonatti, and E. Ferrari. TRBAC: A Temporal Role-Based Access Control Model. ACM Transactions on Information and System Security, Vol. 4, No. 3, August 2001, pp. 191-223.
19. E. Cohen, R. K. Thomas, W. Winsborough and D. Shands. Models for Coalition-based Access Control (CBAC). Seventh ACM Symposium on Access Control Models and Technologies. 2002, Monterey, California, USA.
20. M. H. Kang, J. S. Park and J. N. Froscher. Access control mechanisms for inter-organizational workflow. Proc. of the 6th ACM Symposium on Access Control Models and Technologies, Virginia, 2001, pp. 66-74.
21. M. Bartel, et al. XML-Signature Syntax and Processing. W3C, IETF, February 2002. http://www.w3.org/TR/xmldsig-core/.
22. T. Imamura, B. Dillaway, and E. Simon. XML-Encryption Syntax and Processing. W3C, December 2002. http://www.w3.org/TR/xmlenc-core/.
23. D. Box, F. Cabrera, M. Hondo, et al. Web Services Policy Framework (WS-Policy). Microsoft, IBM etc, 2003.
24. D. Box, F. Cabrera, M. Hondo, et al. Web Services Policy Attachment (WS-PolicyAttachment). Microsoft, IBM etc, 2003.