Using web service enhancements to establish trust relationships with privacy protection (extended and invited from ICWS 2006 with id 47)

International Journal of Web Services Research

Volumn 6, Issue 1, 2009, Pages 49-68

  Weaver, Alfred C ^a   Wu, Zhengping ^a  

^a UNIVERSITY OF VIRGINIA   (United States)

Author keywords

Privacy protection; Trust establishment; Trust management; Web service; Web service enhancements

Indexed keywords

WEB CRAWLER; WEBSITES;

COOPERATING PARTIES; PRIVACY PROTECTION; SERVICE REQUESTERS; TRUST ESTABLISHMENT; TRUST MANAGEMENT; TRUST RELATIONSHIP; WEB SERVICE ENHANCEMENTS; WEB SERVICE TECHNOLOGY;

WEB SERVICES;

EID: 70249099523     PISSN: 15457362     EISSN: 15465004     Source Type: Journal    
DOI: 10.4018/jwsr.2009092203     Document Type: Article

References (30)

1. A Joint White Paper from IBM Corporation and Microsoft Corporation (2002), Security in a Web Services World: A Proposed Architecture and Roadmap. Retrieved on XXX from, http://msdn.microsoft.com/library/en-us/dnwssecur/html/ securitywhitepaper.asp
2. Abadi, M. (2003). Logic in Access Control, Proc. of the 18th Annual IEEE Symposium on Logic in Computer Science, pp. 228-233.
3. Anderson, S., et al. (2004). Web Services Trust Language (WS-Trust), Retrieved on XXX from, http://msdn.microsoft.com/ws/2004/04/ws-trust/.
4. Atkinson, B. et al. (2003), UDDI Spec Technical Committee Specification. Retrieved on XXX from, http://uddi.org/pubs/uddi-v3.0.1-20031014.htm.
5. Bajaj, S., et al. (2004), Web Services Policy Framework (WS-Policy). Retrieved on XXX from, http://specs.xmlsoap.org/ws/2004/09/policy/wspolicy.pdf.
6. Beth, T., Borcherding, M., & Klein, B. (1994). Valuation of Trust in Open Networks, Proc. of the 3rd European Symposium on Research in Computer Security, pp. 3-18.
7. Box, D.,et al. (2000). Simple Object Access Protocol (SOAP) 1.1. Retrieved on XXX from, http://www.w3.org/TR/2000/NOTE-SOAP-20000508
8. Cantor, S., et al. (2005). Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0. Retrieved on XXX from, http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf.
9. Chadwick, D., Otenko, A., & Ball, E. (2003). Implementing Role Based Access Controls Using X.509 Attribute Certificates, IEEE Internet Computing, pp. 62-69.
10. Christensen, E., et al. (2001). Web Services Description Language (WSDL) 1.1. Retrieved on XXX from, http://www.w3.org/TR/wsdl.
11. Damiani, E., Vimercati, S., Samarati, P., & Viviani, M. (2005). A WOWA-based Aggregation Technique on Trust Values Connected to Metadata, Proc. Of International Workshop on Security and Trust Management, pp. 131-142.
12. Dimmock, N. (2004). Using Trust and Risk in Role-Based Access Control Policies, Proc. 2004 Symposium on Access Control Models and Technologies, pp. 156-162.
13. Ellison, C., et al. (1999). SPKI Certificate Theory, Internet Report, RFC 2693.
14. Freudenthal, E., Pesin, T., Port, L., Keenan, E., & Karamcheti, V. (2002). dRBAC: Distributed Rolebased Access Control for Dynamic Coalition Environments, Proc. of 22nd International Conference on Distributed Computing Systems, pp. 411-420.
15. Hallam-Baker, P., et al. (2004). Web Services Security X.509 Certificate Token Profile. Retrieved on XXX from, http://docs.oasis-open.org/wss/2004/01/ oasis-200401-wss-x509-token-profile-1.0.pdf.
16. Josang, A. (1996). The right type of trust for distributed systems, Proc. 1996 New Security Paradigms Workshops, pp. 119-131.
17. Kent, S. (1993). Privacy Enhancement for Internet electronic Mail: Part II: Certificate-Based Key Management, Internet Report, RFC 1422.
18. Li, N., Mitchell, J., & Winsborough, W. (2002). Design of a Role-Based Trust-Management Framework, Proc. of the 2002 IEEE Symposium on Security and Privacy, pp. 114-130.
19. Microsoft (2006). Major Features of the Web Services Enhancements. Retrieved on XXX from, http://msdn.microsoft.com/library/en-us/wse/html/ 3c55ed70-6b66-4620-bba7-59c5b2f2191d.asp.
20. Nadalin, A., et al. (2004). Web Services Security: SOAP Message Security 1.0 (WS-Security 2004). Retrieved on XXX from, http://docs.oasis-open.org/wss/ 2004/01/oasis-200401-wss-soap-messagesecurity-1.0.pdf.
21. Papazoglou, M. & Georgakopoulos, D. (2003). Service-oriented Computing, Communications of the ACM, 46(10), pp. 25-28.
22. Pimlott, A. & Kiselyov, O. (2006). Soutei, a Logic-Based Trust-Management System, Proc. of 8th International Symposium on Functional and Logic Programming, pp. 130-145.
23. Rangan, P. (1992). An Axiomatic Theory of Trust in Secure Communication Protocols, Computers and Security, 11, pp. 163 - 172.
24. Reiter, M. (1999). Authentication Metric Analysis and Design, ACM Trans. Information and System Security, 2(2), pp. 138-158.
25. Sandhu, R., Coyne, E., Feinstein, H., & Youman, C. (1996). Role-based acess control models, IEEE Computer, 20(2), pp. 38-47.
26. Schneider, F. (2003). Least Privilege and More, IEEE Security and Privacy, 1(3), pp. 55-59.
27. Tarah, A. & Huitema, C. (1992). Associating Metrics to Certification Paths, Proc. 2nd European Symposium on Research in Computer Security, pp. 175-189.
28. Vandenwauver, M., Govaerts, R., & Vandewalle, J. (1997). Role based access control in distributed systems, Communications and Multimedia Security, 3, pp. 169-177.
29. Weaver, A., Dwyer, S., Snyder, A., Van Dyke, J., Hu, J., Chen, X., & Mulholland, T. (2003). Federated, Secure Trust Networks for Distributed Healthcare IT Services, Proc. of IEEE International Conference on Industrial Informatics, pp. 162-169.
30. Zimmermann, P. (1995). The Official PGP User's Guide, MIT Press.