An adaptive access control model for web services

International Journal of Web Services Research

Volumn 3, Issue 3, 2006, Pages 27-60

  Bertino, Elisa ^a   Squicciarini, Anna C ^a   Martino, Lorenzo ^a   Paci, Federica ^b  

^a PURDUE UNIVERSITY   (United States)

^b UNIVERSITY OF MILAN   (Italy)

Author keywords

Access control; Authorization; Security; Trust negotiation; WSDL

Indexed keywords

ALGORITHMS; DATA PRIVACY; MATHEMATICAL MODELS; SECURITY OF DATA; TELECOMMUNICATION SERVICES;

ACCESS CONTROL; AUTHORIZATION; TRUST NEGOTIATION; WSDL;

ADAPTIVE CONTROL SYSTEMS;

EID: 33750514985     PISSN: 15457362     EISSN: 15465004     Source Type: Journal    
DOI: 10.4018/jwsr.2006070102     Document Type: Article

References (19)

1. Ardagna, C., Damiani, E., De Capitani di Vimercati, S., & Samarati, P. (2004). A Web service architecture for enforcing access control policies. In Proceedings of the 1st International Workshop on Views on Designing Complex Architectures, Bertinoro, Italy (pp. 25-35).
2. Bertino, E., Ferrari, E., & Squicciarini, A.C. (2003).X-TNL:AnXML- based language for trust negotiations. In Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks, Lake Como, Italy (pp. 81-84).
3. Bertino, E., Squicciarini, A.C., & Mevi, D. (2004). A fine-grained access control model for Web services. In Proceedings of the IEEE International Conference on Service Computing (SCC 2004), Shanghai, China (pp. 33-40).
4. Bertino, E., Squicciarini, A.C, Paloscia, I., & Martino, L. (2005). Ws-Ac: Afine grained access control system for Web services (unpublished). Accepted for publication in World Wide Web Journal.
5. Damianou, N., Dulay, N., Lupu, E., & Sloman, M. (2001). The ponder policy specification language. In Proceedings of the IEEE International Workshop on Policies for Distributed Systems and Networks, Bristol, UK (pp. 18-38).
6. Gavriloaie, R. Nejdl, W., Olmedilla, D., Seamons, K.E., & Winslett, M. (2004). No registration needed: How to use declarative policies and negotiation to access sensitive resources on the Semantic Web. In Proceedings of the 1st European Semantic Web Symposium, Heraklion, Greece (pp. 342-356).
7. Gün Sirer, E., & Wang, K. (2002). An access control language for Web services. In Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT 2002), Monterey. California, USA (pp. 23-30).
8. Herzberg, A., Mihaeli, J., Mass, Y., Naor, D., & Ravid, Y. (2000). Access control systems meets public infrastructure, or: Assigning roles to strangers. In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, California, USA (pp. 2-14).
9. IBM, BEA Systems, Microsoft, SAPAG, Sonic Software, VeriSign. (2004). WS-policyWeb services policy framework. Retrieved from http://msdn.microsoft. com/web-services/default.aspx?pull=/library/en-s/dnglobspec/html/ws-policy.asp
10. Kagal, L., Paolucci, M. Srinivasan, N., Denker, G. Finin, T., & Sycara, K. (2004). Authorization and privacy for semantic Web services. In Proceedings of the AAAI 2004 Spring Symposium on Semantic Web Services, Palo Alto, California, USA (pp. 50-56).
11. OASIS eXtensible Access Control Markup Language (XACML) Version 2.0. (n.d.). Committee draft 02. Document identifier: access_control-xacml-2.0-core- spec-cd-02. Retrieved September 30, 2004, from http://docs.oasis-open.org/xacml/ access_control-xacml-2.0-core-spec-cd-02.pdf
12. OASIS XACML. (n.d.). Profile for Web-services (WorkingDraft 04). Document identifier: draft-xacml-wspl-04. Retrieved September 29, 2004, from http://docs.oasis.open.org/committees/documents.php?wg_abbrev=xacml
13. Paurobally, S., & Jennings, N. R. (2005). Protocol engineering for Web services conversations. International Journal of Engineering Applications of Artificial Intelligence, 18(2), 237-254.
14. Ryutov, T., Zhou, L., Neuman, C., Leithead. T., & Seamons, K.E. (2005). Adaptive trust negotiation and access control. In Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT 2005), Stockholm, Sweden (pp. 139-146).
15. Ryutov, T., & Neuman, C. (2002). The specification and enforcement of advanced security policies. In Proceedings of the IEEE International Workshop on Policies for Distributed Systems and Networks, Monterey. California, USA (pp. 128-138).
16. Ryutov, T., Neuman, C., Kim, D., & Zhou, L. (2003). Integrated access control and intrusion detection for Web servers. IEEE Transactions on Parallel and Distributed Systems, 14(9), 841-850.
17. Wonohoesodo, R., & Tari, Z. (2004). A role based access control for Web services. In Proceedings of the IEEE International Conference on Service Computing (SCC 2004), Shanghai, China (pp. 49-56).
18. Worldwide Web Consortium. (2005). WSDL-Web services description language 2.0 (W3C Working Draft). Retrieved from http://www.w3.org/TR/2005/WD-wsdl20- primer-20050510/
19. Yu, T., Winslett, M., & Seamons, K. (2003). Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation. ACM Transactions on Information and System Security, 6(1), 1-42.