Access Control in Dynamic XML-based Web-Services with X-RBAC

Proceedings of the International Conference on Web Services

Volumn , Issue , 2003, Pages 243-249

  Bhatti, Rafae ^a   Joshi, James B D ^a   Bertino, Elisa ^b   Ghafoor, Arif ^a  

^a PURDUE UNIVERSITY   (United States)

^b UNIVERSITY OF MILAN   (Italy)

Author keywords

Access Control; RBAC; Web Services; XML

Indexed keywords

ACCESS CONTROL; ROLE-BASED ACCESS CONTROL (RBAC); WEB-SERVICES;

COMPUTER ARCHITECTURE; COMPUTER HARDWARE DESCRIPTION LANGUAGES; COMPUTER PROGRAMMING LANGUAGES; COMPUTER SOFTWARE; SECURITY OF DATA; TELECOMMUNICATION SERVICES; XML;

WORLD WIDE WEB;

EID: 1642341365     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (19)

1. David F. Ferraiolo, Ravi Sandhu, Serban Gavrila, D. Richard Kuhn, Ramaswamy Chandramouli, "Proposed NIST standard for role-based access control", ACM Transactions on Information and System Security, Volume 4, Issue 3, August 2001.
2. R. Bhatti, J. B. D. Joshi, E. Bertino, A. Ghafoor, "XML based RBAC Policy Specification for Secure Web-Services", Submitted to IEEE Computer.
3. E. Bertino, S. Castano, E. Ferrari, "Securing XML Documents with Author X", IEEE Internet Computing May-June 2001.
4. E. Bertino, S. Castano, E. Ferrari, "On Specifying Security Policies for Web Documents with an XML-based Language", Proceedings of Sixth ACM Symposium on Access Control Models and Technologies, 2001.
5. E. Damiani, S. D. C. di Vimercati, S. Paraboschi, P. Samarati, "A Fine Grained Access Control System for XML Documents", ACM Transactions on Information and System Security, Volume 5, Issue 2, May 2002.
6. S. Hada, M. Kudo, "XML Access Control Language: Provisional Authorization for XML Documents", October 16, 2000, Tokyo Research Laboratory, IBM Research.
7. Why XML Schema beats DTDs hands-down for data http://www-106.ibm.com/developerworks/xml/library/xsbsch.html
8. R. Sandhu, E. J. Coyne, H. L. Feinstein, C. E. Youman, "Role Based Access Control Models", IEEE Computer Volume 29, Issue 2, February 1996.
9. S. L. Osborn, R. Sandhu, Q. Munawer, "Configuring Role-Based Access Control to Enforce Mandatory and Discretionary Access Control Policies," ACM Transactions on Information and System Security, Volume 3, Issue 2, February 2000.
10. D. Ferraiolo, R. Sandhu, S. Gavrila, R. Kuhn, R. Chandramouli, "The MIST Model for Role-Based Access Control: Towards a Unified Standard," ACM Transactions on Information and System Security, Volume 4, Issue 3, August 2001.
11. J. B. D. Joshi, W. G. Aref, A. Ghafoor and E. H. Spafford, "Security Models for Web-based Applications", Communications of the ACM, Volume 44, Issue 2, Feb. 2001.
12. N. N. Vuong, G. S. Smith, Y. Deng, "Managing Security Policies in a Distributed Environment Using extensible Markup Language (XML)", Symposium on Applied Computing, March 2001
13. D. F. Ferraiolo, J. F. Barkley, D. R. Kuhn, "A Role Based Access Control Model and Reference Implementation Within a Corporate Intranet", ACM Transactions on Information and System Security, Volume 2, Issue 1, Feb 1999.
14. XACML 1.0 Specification http://xml.coverpages.org/ni2003-02-11-a.html
15. E. Bertino, S. Castano, E. Ferrari, M. Mesiti, "Controlled Access and Dissemination of XML Documents", Workshop on Web Information And Data Management, November 1999.
16. Simple Object Access Protocol (SOAP) 1.1 http://www.w3.org/TR/SOAP/
17. S. I. Gavrila, J. F. Barkley, "Formal Specification for Role Based Access Control User/role and Role/role Relationship Management", Proceedings of the third ACM Workshop on Role-based access control, Fairfax, Virginia, United States, October 22-23, 1998.
18. Web Services Policy Framework (WS-Policy) http://www-106.ibm.com/developerworks/library/wspolfram/
19. J. B. D. Joshi, Elisa Bertino, Usman Latif, Arif Ghafoor, "Generalized Temporal Role Based Access Control Model (GTRBAC) (Part 1) - Specification and Modeling", Submitted to IEEE Transaction on Knowledge and Data Engineering.