Access control for the services oriented architecture

SWS'07 - Proceedings of the 2007 ACM Workshop on Secure Web Services

Volumn , Issue , 2007, Pages 9-17

  Li, Jun ^a   Karp, Alan H ^a  

^a HEWLETT PACKARD LABORATORIES   (United States)

Author keywords

access control; federated identity management; fidm; services oriented architecture; SOA; web services

Indexed keywords

ACCESS MANAGEMENT; ACCESS POLICIES; FEDERATED IDENTITY; FIDM; SERVICES ORIENTED ARCHITECTURE; WEB SERVICES STANDARDS;

ACCESS CONTROL; ARCHITECTURE; SECURITY SYSTEMS;

WEB SERVICES;

EID: 70449504689     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1314418.1314421     Document Type: Conference Paper

References (41)

1. ActiveIdentity, Single Sign-On, http://www.actividentity.com/solutions/ technology/esso--overview.php
2. Blaze, M.; Feigenbaum, J.; Lacy, J., "Decentralized trust management," Proceedings of IEEE Symposium on Security and Privacy, pp. 164-173, 1996.
3. Boebert, W. E., On the Inability of an Unmodified Capability Machine to Enforce the *-property. In Proc. 7th DoD/NBS Computer Security Conference, pages 291-293, Gaithersburg, MD, USA, September 1984. National Bureau of Standards.
4. Computer Associates, Single Sign-On, http://www.ca.com/us/products/ product.aspx?id=166
5. Daley, R. C. and Neumann, P. G., A general-purpose file system for secondary storage, Proceedings of the Fall Joint Computer Conference, 1965.
6. Dennis, J. B. and Van Horn, E. C., Programming Semantics for Multiprogrammed Computations, Comm. of the ACM, 9, #3, 1966.
7. Donnelley, J. E., A Distributed Capability Computing System. In Proc. Third International Conference on Computer Communication, pages 432-440, Toronto, Canada, 1976.
8. Ellison, C., Frantz, B., Lampson, B., Rivest, R., Thomas, B., and Ylonen, T., "SPKI Certificate Theory", IETF RFC 2693. http://www.ietf.org/ rfc/rfc2693.txt
9. Extensible Access Control Markup Language (XACML) V1.1, http://www.oasisopen.org/committees/xacml/repository/cs-xacmlspecification- 1.1.pdf
10. Extensible Markup Language (XML), http://www.w3.org/XML/
11. Ferraiolo, D. F. and Kuhn, D. R, "Role Based Access Control" 15th National Computer Security Conference, 1992.
12. Ferrara, A. and MacDonald, M., Programming .NET Web Services, O'Reilly Media, Inc., 2002.
13. Hardy, N., KeyKOS Architecture. SIGOPS Operating Systems Review, 19(4):8-25, 1985.
14. Hardy, N., "The Confused Deputy: (or why capabilities might have been invented)", ACM SIGOPS Operating Systems Review, Volume 22, Issue 4 (October 1988).
15. Henning, M. and Vinoski, S., Advanced CORBA Programming with C++, Addison-Wesley, 1999.
16. Hewlett-Packard, e-speak Architectural Specification, Release A.03.14.00, 2001.
17. Karp, A. H., Gupta, R., Rozas, G., and Banerji, A., The Client Utility Architecture: The Precursor to E-Speak. Technical Report HPL-2001-136, Hewlett Packard Laboratories, 2001.
18. Karp, A. H., "Authorization Based Access Control for the Services Oriented Architecture", Proc. 4th Int. Conf. on Creating, Connecting and Collaborating through Computing (C5 2006), Berkeley, CA, IEEE Press, January (2006), http://www.hpl.hp.com/techreports/2006/HPL-2006-3.html. Some of the introductory material comes from this paper.
19. Li, J. and Karp, A., "Zebra Copy: A Reference Implementation of Federated Access Management", HP Labs Technical Report HPL-2007-105, http://www.hpl.hp.com/techreports/2007/HPL-2007-105.html
20. Li, J. and Karp, A., "Zebra Copy sample code", http://www.hpl.hp.com/Alan-Karp/ZebraCopy.zip
21. Li, J. and Karp, A., "Zebra Copy sample code with SOAP interception", http://www.hpl.hp.com/Alan-Karp/ZebraCopyExtension.zip
22. Liberty Alliance, http://www.projectliberty.org/.
23. Mayfield, W. Traditional capability-based systems: An analysis of their ability to meet the trusted computer security evaluation criteria. Technical report, National Computer Security Center, Institute for Defense Analysis, 1987.
24. Microsoft, "Introducing Windows CardSpace", http://msdn2.microsoft.com/en-us/library/aa480189.aspx
25. Miller, M. S. and Shapiro, J. S. Paradigm Regained: Abstraction Mechanisms for Access Control. In Proc. Eighth Asian Computing Science Conference, pages 224-242, Tata Institute of Fundamental Research, Mumbai, India, 2003.
26. Miller, M. S, Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control, Ph. D. Thesis, Johns Hopkins University, Baltimore, Maryland, USA, 2006.
27. OASIS, "Security Assertion Markup Language (SAML) 2.0 Technical Overview, Working Draft 05", 10 May 2005, http://www.oasisopen.org/ committees/download.php/12549/sstc-saml-techoverview- 2%5B1%5D.0-draft-05.pdf
28. Papazoglou, M.P and Georgakopoulos, D., "Service- Oriented Computing," Communications of the ACM, Vol. 46, No. 10, pp. 25-8, Oct. 2003.
29. Ping Identity, "Reducing Account Sharing with Federated Single Sign-On", Webinar, http://www.pingidentity.com/p/03yVcBqM?elq=F993B4D59 6D54D5B91838E8F7ECD6DE6
30. Ping Identity, Single Sign-On, http://www.pingidentity.com/resources/88
31. RSA Conference 2007, http://www.rsaconference.com/2007/US/.
32. Security Token, see http://www.oasisopen. org/committees/download.php/ 16790/wss-v1.1-specos- SOAPMessageSecurity.pdf, and http://www.oasisopen.org/ committees/download.php/16785/wss-v1.1-specos- x509TokenProfile.pdf
33. Simple Object Access Protocol (SOAP) 1.1, W3C Note, http://www.w3.org/TR/ 2000/NOTE-SOAP-20000508/
34. Stoll, C., The Cuckoo's Egg, Pocket Books, New York, 1989.
35. Stojanovic, Z. and Dahanayake, A. (eds), Service-Oriented Software System Engineering: Challenges and Practices, Idea Group Publishing, 2005.
36. The Open Group, CDSA Explained, http://www.opengroup.org/bookstore/ catalog/g905.htm,2001.
37. Thompson, M. R., Essiari, A., and Mudumbai, S., Certificate-Based Authorization Policy in a PKI Environment, ACM Trans. Information System Security, Vol. 6, No. 4, Nov. 2003, pp. 566-588.
38. Universal Description, Discovery, and Integration (UDDI), http://www.uddi.org/.
39. Vinoski, S., "CORBA: Integrating Diverse Applications within Distributed Heterogeneous Environments," IEEE Communications Magazine, vol.35, no.2, pp. 46-55, Feb. 1997. (Pubitemid 127641958)
40. Web Services Description Language (WSDL) 1.1, W3C Note, http://www.w3.org/TR/wsdl.html.
41. XML-Signature Syntax and Processing, W3C Recommendation, http://www.w3.org/TR/xmldsig-core/