An access control framework for web services

Information Management and Computer Security

Volumn 13, Issue 1, 2005, Pages 29-38

  Coetzee, M ^a   Eloff, J H P ^b  

^a UNIVERSITY OF JOHANNESBURG   (South Africa)

^b UNIVERSITY OF PRETORIA   (South Africa)

Author keywords

Programming languages; Trust; Worldwide web

Indexed keywords

COMPUTER PROGRAMMING LANGUAGES; ELECTRONIC COMMERCE; NETWORK PROTOCOLS; SECURITY OF DATA; XML;

ACCESS CONTROL; TRUST; WEB SERVICES;

WORLD WIDE WEB;

EID: 19444370573     PISSN: 09685227     EISSN: None     Source Type: Journal    
DOI: 10.1108/09685220510582656     Document Type: Article

References (22)

1. Anderson, A., Anderson, S., Adams, C., Beznosov, K., Brose, G. and Crocker, S. et al. (2003), Extensible Access Control Markup Language (XACML) 1.0 Specification, available at: Www.oasis-open.org/committees/ tc_home.php?wg_abbrev=xacml
2. Anderson, S., Bohren, J., Boubez, T., Chanliau, M., Della-Libera, G. and Dixon, B. et al. (2004), Web Services Trust Language (WS-Trust), available at: Www.ibm.com/developerworks/library/ws-trust/index.html
3. Atkinson, A., Bellwood, T., Cahuzac, M., Clément, L., Colgrave, J. and Corda, U. et al. (2003), UDDI Version 3.0.1, available at: http://uddi.org/pubs/uddi-v3.0.1-20031014.htm
4. Atkinson, B., Della-Libera, G., Hada, S., Hondo, M., Hallam-Baker, P. and Kaler, C. et al. (2002), Web Services Security (WS-Security) Version 1.0, available at: Www.verisign.com/wss/wss.pdf (accessed 5 April).
5. Bartel, M., Boyer, J., Eastlake, D., Fox, B., LaMacchia, B., Simon, E. and Solo, D. (2002), XML Signature, available at: Www.w3.org/TR/2002/ REC-xmldsig-core-20020212/
6. Bertino, E., Pagani, E., Rossi, G.P. and Samarati, P. (2000),"Protecting information on the web", Communications of the ACM, Vol. 43 No. 11, pp. 189-99.
7. Bonatti, P. and Samarati, P. (2002), "A unified framework for regulating access and information release on the web", Journal of Computer Security, Vol. 10 No. 3, pp. 241-72.
8. Bonatti, P. and Samarati, P. (2003), "Logics for authorizations and security", in Chomicki, J., van der Meyden, R. and Saake, G. (Eds), Logics For Emerging Applications of Databases LNCS, Springer-Verlag, Heidelberg.
9. Box, D., Curbera, F., Hondo, M., Kale, C., Langworthy, D. and Nadalin, A. et al. (2003), Web Services Policy Framework (WS-Policy), available at: Www.ibm.com/developerworks/library/ws-policy/index.html
10. Box, D., Ehnebuske, D., Kakivaya, G., Layman, A., Mendelsohn, N., Nielsen, H.F., Thatte, S. and Winer, D. (2000), Simple Object Access Protocol (SOAP) 1.1, available at: Www.w3.org/TR/SOAP/
11. Christensen, E., Curbera, F., Meredith, G. and Weerawarana, S. (2001), Web Services Description Language (WSDL) 1.1, available at: Www.w3.org/ TR/wsdl
12. Damiani, E., De Capitani Di Vimercati, S., Paraboschi, S. and Samarati, P. (2001), "Fine-grained access control for SOAP e-services", Proceedings of the 10th International World Wide Web Conference, Hongkong, 1-5 May.
13. Elsmari, R.A. and Navathe, S. (2000), Fundamentals of Database Systems, Addison-Wesley, Milano.
14. Foldoc (2003), Free, Online Dictionary of Computing, Supported by the Department of Computing Imperial College, available at: http://foldoc. doc.ic.ac.uk/foldoc/foldoc.cgi?query=assertion&action=Search
15. Gottschalk, K., Graham, S., Kreger, H. and Snell, J. (2002), "Introduction to web services architecture", IBM Systems Journal, Vol. 41 No. 2.
16. Hallam-Baker, P., Hodges, J., Maler, E., McLaren, C. and Irving, R. (2002), SAML 1.0 Specification, available at: Www.oasis-open.org/ committees/tc_home.php?wg_abbrev=security
17. Imamura, T., Dillaway, B., Eastlake, D., Reagle, J. and Simon, E. (2002), XML Encryption, available at: Www.w3.org/TR/xmlenc-core/
18. Jajodia, S., Samarati, P., Sapino, M.L. and Subrahmanian, V.S. (2001), "Flexible support for multiple access control policies", ACM Transactions on Database Systems, Vol. 26 No. 2, pp. 214-60.
19. Lischka, M. and Wedde, H.F. (2003), "Composing heterogenous access policies between organizations", Proceedings of the IADIS International Conference e-Society, Lisbon, 3-6 June.
20. Myer, T. (2003), Grid Computing: Conceptual Flyover for Developers, available at: Www-106.ibm.com/developerworks/library/gr-fly.html
21. Samarati, P. (2002), "Enriching access control to support credential-based specifications", paper presented at the Workshop-Credential-Based Access Control in Open, Interoperable IT-Systems, Dortmund, 2 October, available at: http://ls6-www.cs. uni-dortmund.de/issi/cred_ws/
22. Sandu, R. (1996), "Access control: The neglected frontier", Proceedings of the 1st Australian Conference on Information Security and Privacy, Wollongong, 23-26 June, pp. 23-36.