A policy-based authorization framework for web services: Integrating X-GTRBAC and WS-policy

Proceedings - 2007 IEEE International Conference on Web Services, ICWS 2007

Volumn , Issue , 2007, Pages 447-454

  Bhatti, Rafae ^a   Sanz, Daniel ^b   Bertino, Elisa ^c   Ghafoor, Arif ^d  

^a IBM ALMADEN RESEARCH CENTER   (United States)

^b UNIVERSIDAD CARLOS III DE MADRID   (Spain)

^c Purdue University   (United States)

^d Purdue University   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

(R ,S ,S) POLICY; ACCESS CONTROL POLICIES; AUTHENTICATION MECHANISMS; AUTHORIZATION AND ACCESS CONTROL; AUTHORIZATION FRAMEWORKS; AUTHORIZATION POLICIES; BUSINESS PROCESSES (BP); COMPONENT BASED DESIGNS; CONTROL REQUIREMENTS; HEALTHCARE INFORMATION SERVICES; INTERNATIONAL CONFERENCES; MULTIPLE COMPONENTS; POLICY SPECIFICATION LANGUAGES; WEB SERVICE APPLICATIONS; WEB SERVICE DESCRIPTION; WS-POLICY; WS-POLICY ATTACHMENT;

HEALTH; INFORMATION SERVICES; LINGUISTICS; QUERY LANGUAGES; SECURITY SYSTEMS; SPECIFICATION LANGUAGES; SPECIFICATIONS; STANDARDS; UNIFIED MODELING LANGUAGE; WEB SERVICES; WORLD WIDE WEB;

ACCESS CONTROL;

EID: 46849100466     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICWS.2007.10     Document Type: Conference Paper

References (18)

1. R. Bhatti, D. Sanz, E. Bertino, A. Ghafoor, "A Policy-Based Authorization System for Web Services:Integrating X-GTRBAC and WS-Policy", CERIAS Technical Report 2006-03.
2. R. Bhatti, J. B. D. Joshi, E. Bertino, A. Ghafoor, "XML-Based Specification for Web Services", IEEE Computer, Vol. 37, No. 4, April 2004
3. R Bhatti, J. B. D. Joshi, E. Bertino, A. Ghafoor, "X-GTRBAC: An XML-based Policy Specification Framework and Architecture for Enterprise-Wide Access Control", ACM Transactions on Information and System Security (TISSEC), Vol. 8, No. 2.
4. R Bhatti, E. Bertino, A. Ghafoor, "An Integrated Approach to Federated Identity and Privilege Management in Open Systems", Communications of the ACM, Vol. 50 No.2, February 2007.
5. J. Hu, A. C. Weaver, "Dynamic, Context-aware Security Infrastructure for Distributed Healthcare Applications", Proceedings of First Workshop on Pervasive Security, Privacy and Trust (PSPT), August 26, 2004.
6. D. Kaminsky, "An Introduction to Policy for Autonomic Computing", March 2005. http://www-128.ibm.com/developerworks/autonomic/ library/ac-policy.html
7. P. Nolan, "Understand WS-Policy Processing", December, 2004. http://www-128.ibm.com/developerworks/webservices/library/ws-policy.html (Accessed: February 10, 2007)
8. R. Sandhu, E. J. Coyne, H. L. Feinstein, C. E. Youman, "Role Based Access Control Models", IEEE Computer Vol. 29, No 2, February 1996
9. E. Sirer, K. Wang, "An access control language for web services", Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, CA.
10. Web Services Description Language (WSDL 1.1), March 2001. http://www.w3.org/TR/2001/NOTE-wsdl-20010315 (Accessed: February 10, 2007)
11. Web Services Policy Framework (WS-Policy), September, 2004. http://www-128.ibm.com/developerworks/webservices/library/specification/ ws-polfram/ (Accessed: February 10, 2007)
12. Web Services Policy Attachment (WS-PolicyAttachment), September, 2004. http://www-128.ibm.com/developerworks/webservices/library/specification/ ws-polatt/ (Accessed: February 10, 2007)
13. Web Services Security (WS Security), April 2002. http://www-128.ibm.com/ developerworks/webservices/library/specification/ws-secure/ (Accessed: February 10, 2007)
14. Web Services Trust Language (WS Trust), May, 2004. http://www-128.ibm. com/developerworks/library/specification/ws-trust/(Accessed: February 10, 2007)
15. Security in a Web Services World: A Proposed Architecture and Roadmap, April 2002. http://www-128.ibm.com/developerworks/webservices/library/ specification/w s-secmap/ (Accessed: February 10, 2007)
16. Security Assertions Markup Language (SAML), August, 2004. http://xml.coverpages.org/saml.html (Accessed: February 10, 2007)
17. Extensible Access Control Markup Language (XACML), February, 2005. http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml (Accessed: February 10, 2007)
18. XACML Profile for Web Services (WSPL), September 2003. http://www.oasis-open.org/committees/download.php/3661/draft-xacml-wspl-04.pdf (Accessed: February 10, 2007)