User tasks and access control over web services

Proceedings - 2007 IEEE International Conference on Web Services, ICWS 2007

Volumn , Issue , 2007, Pages 60-69

  Thomas, Jacques ^a   Paci, Federica ^b   Bertino, Elisa ^a   Eugster, Patrick ^a  

^a PURDUE UNIVERSITY   (United States)

^b UNIVERSITY OF MILAN   (Italy)

Author keywords

[No Author keywords available]

Indexed keywords

(E ,3E) PROCESS; (OTDR) TECHNOLOGY; BUSINESS PROCESS EXECUTION LANGUAGE (BPEL); BUSINESS PROCESSES (BP); CONTROL REQUIREMENTS; CORPORATE INTRANET; ENTERPRISE INFORMATION; FLEXIBLE BUSINESS PROCESSES; GLOBAL VIEWS; HUMAN INTERACTIONS; INTERNATIONAL CONFERENCES; LEGACY APPLICATIONS; W3C STANDARDS; WEB SERVICES (WS); WHITE PAPERS;

ACCESS CONTROL; ADMINISTRATIVE DATA PROCESSING; CANNING; DECENTRALIZED CONTROL; FLOW INTERACTIONS; INDUSTRY; INFORMATION MANAGEMENT; INFORMATION SERVICES; LINGUISTICS; MANAGEMENT INFORMATION SYSTEMS; PROCESS ENGINEERING; STANDARDS; TECHNOLOGY; WORLD WIDE WEB;

WEB SERVICES;

EID: 46849087573     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICWS.2007.182     Document Type: Conference Paper

References (32)

1. Aspect XML. http: //www.aspectxml.org, 2007.
2. James P. Anderson. Computer security technology planning study. Technical report, Air Force Electronic Systems Division, 1972.
3. V. Atluri and W. Huang. An authorization model for workflows. In ESORICS '96, 1996.
4. J. F. Barkley, A. V. Cincotta, D. F. Ferraiolo, S. Gavrilla, and D. R. Kuhn. Role based access control for the world wide web. In Proc. 20th NIST-NCSC National Information Systems Security Conference, 1997.
5. E. Bertino, J. Crampton, and F. Paci. Access control and authorization constraints for WS-BPEL. In ICWS'06, 2006.
6. E. Bertino, E. Ferrari, and V. Atluri. The specification and enforcement of authorization constraints in workflow managem ent systems. TISSEC, 2(1), Feb. 1999.
7. E. Bertino, P. Samarati, and S. Jajodia. An extended authorization model for relational databases. TKDE, Volume 9 , Issue 1, 1997.
8. R. Bhatti, J. B.D. Joshi, E. Bertino, and A. Ghafoor. Access control in dynamic xml-based web-services with x-rbac. In ICWS'03, 2003.
9. P. A. Bonatti and P. Samarati. A uniform framework for regulating service access and information release on the web. Journal of Computer Security, 10(3), 2002.
10. D. Clark and D. R. Wilson. A comparison of commercial and military computer security policies. In S&P'87, 1987.
11. J. Crampton. A reference monitor for workflow systems with constrained task execution. In SACMAT'05, 2005.
12. IBM, BEA Systems, Microsoft, SAP AG, and Siebel Systems. Business process execution language for web services version 1.1, May 2003.
13. Intalio. Intalio|tempo. http://tempo.intalio.org/, 2007.
14. M. Kloppmann, D. Koenig, F. Leymann, G. Pfau, A. Rickayzen, C. von Riegen, P. Schmidt, and I. Trickovic. WS-BPEL extension for people - BPEl4People, 2005.
15. Hristo Koshutanski and Fabio Masacci. An access control framework for business processes for web services. In ACM Workshop on XML security, 2003.
16. LDAP series of RFCs: RFC 4510 to 4519, June 2006.
17. N. Li and Q. Wang. Beyond separation of duty: An algebra for specifying high-level security policies. In CCS '06, 2006.
18. Magoo Software Limited. Integrating user tasks into bpel processes, http://www.magoosoft.com/pdf/BpelUserTasks.pdf, June 2006.
19. M. J. Nash and K. R. Poland. Some conundrums concerning separation of duty. In S&P'90, 1990.
20. OASIS, eXtensible Access Control Markup Language, version 2.0, February 2005.
21. OASIS. Security Assertion Markup Language, version 2.0, March 2005.
22. Oracle Inc. BPEL tutorial; tutorial 6: Working with the TaskManager service, http://www.oracle.com/technology/products/ias/bpel/pdf/orabpel- Tutorial6-TaskManagerServiceTutorial.pdf, 2006.
23. A. Ghafoor R. Bhatti, E. Bertino. A trust-based context-aware access control model for web-services. In ICWS'04, 2004.
24. J. H. Saltzer and M. D Schroeder. The protection of information in computer systems. Proceedings of the IEEE, 1975.
25. R. T. Simon and M. E. Zurko. Separation of duty in role-based environments. In CSFW'97, 1997.
26. Emin Gü Sirer and Ke Wang. An access control language for web services. In SACMAT '02, 2002.
27. Sarbanes-Oxley Act of 2002. Pub. L. No. 107-204, 116 Stat. 745, 2002.
28. Oasis Web Services Reliable Messaging TC. Ws-reliability 1.1, 2004.
29. Jeroen van Bemmel, Maarten Wegdam, and Ko Lagerberg. 3PAC: Enforcing access policies for web services. In ICWS'05, 2005.
30. W. van der Aalst and K. van Hee. Workflow Management: Models, Methods, and System. The MIT Press, 2002.
31. W. van der Aalst and K. van Hee. Workflow patterns. http://www. workflowpatterns.com, 2007.
32. W3C. XSL transformations (XSLT) version 2.0, November 2005.