Towards Web Service access control

Computers and Security

Volumn 23, Issue 7, 2004, Pages 559-570

  Coetzee, M ^a   Eloff, J H P ^a  

^a UNIVERSITY OF PRETORIA   (South Africa)

Author keywords

Access control; Assertions; Authorisation manager; Logical rules; Roles; SOAP; Trust; Web Services; XML

Indexed keywords

COMPUTER SYSTEM FIREWALLS; INFORMATION ANALYSIS; INTEGRATION; INTERFACES (COMPUTER); NETWORK PROTOCOLS; SOCIETIES AND INSTITUTIONS;

ACCESS CONTROL; ASSERTIONS; AUTHORIZATION MANAGER; LOGICAL RULES; ROLES; SOAP; TRUST; WEB SERVICES;

WORLD WIDE WEB;

EID: 8344220516     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2004.05.006     Document Type: Article

References (26)

1. Anderson A, Anderson S, Adams C, Beznosov K, Brose G, Crocker S, et al. XACML 1.0 specification, 〈http://www.oasis-open.org/committees/tc_home.php? wg_abbrev=xacml〉;2003.
2. Ashley P, Au R, Looi M. Cross-domain one-shot authorization using smart cards. In: Proceedings of the seventh ACM conference on computer and communications security. ACM Press; 2000. p. 220-7.
3. Atkinson B, Bellwood T, Cahuzac M, Clément L, Colgrave J, Corda U, et al. UDDI version 3.0.1, 〈http://uddi.org/pubs/uddi-v3.0.1-20031014. htm〉; 14 Oct 2003.
4. Bacon J, Moody K. Toward open, secure, widely distributed services. Commun ACM 2002;45(6):59-64.
5. Beznosov K, Deng Y, Blakley B, Burt C, Barkley J. A resource access decision service for CORBA-based distributed systems. In: Proceedings of 15th IEEE annual computer security applications conference (ACSAC '99). IEEE Press; 1999. p. 310-9.
6. Bhatti R, Joshi JBD, Bertino E, Ghafoor A. Access control in dynamic XML-based Web-services with X-RBAC. The first international conference on Web services, Las Vegas; June 23-26, 2003.
7. Blaze M, Feigenbaum J, Ioannidis J, Keromytis A. The KeyNote trust management system, version 2. IETF RFC-2704, 〈http://www.crypto.com/papers/ rfc2704.txt〉; 1999.
8. Bonatti P, Samarati P. A unified framework for regulating access and information release on the Web. J Comput Secur 2002; 10(3):241-72.
9. Box D, Curbera F, Hondo M, Kale C, Langworthy D, Nadalin A, et al. Web Services Policy Framework (WS-Policy). 〈http://www-106.ibm.com/ developerworks/library/ws-polfram/〉; 28 May 2003.
10. Box D, Ehnebuske D, Kakivaya G, Layman A, Mendelsohn N, Nielsen HF, et al. Simple Object Access Protocol (SOAP) 1.1, 〈http://www.w3.org/TR/SOAP/ 〉; May 2000.
11. Bray T, Paoli J, Sperberg-McQueen CM, Maler E. Extensible Markup Language (XML) 1.0. W3C recommendation. 2nd ed. 6 October 2000.
12. Chadwick DW, Otenko A. The PERMIS X.509 role-based privilege management infrastructure. In: Seventh ACM symposium on access control models and technologies. ACM Press; 2002. p. 135-40.
13. Christensen E, Curbera F, Meredith G, Weerawarana S. Web Services Description Language (WSDL) 1.1, 〈http://www.w3.org/TR/wsdl〉.
14. Coyle FP. XML, Web services and the data revolution. Addison-Wesley; 2002.
15. Damiani E, De Capitani Di Vimercati S, Paraboschi S, Samarati P. Fine-grained access control for SOAP e-services. Proceedings of the 10th international World Wide Web Conference (WWW10). Hong Kong; May 1-5, 2001.
16. Fielding R, Gettys J, Mogul J, Frystyk H. Hypertext transfer protocol - HTTP/1.1. Network Writing Group, Request for Comments, no. 2068; January 1997.
17. Foster I, Kesselman C, Pearlman L, Tuecke S, Welch V. A community authorization service for group collaboration, 〈www.globus.org/research/ papers/CAS_2002_Revised.pdf〉.
18. Gottschalk K, Graham S, Kreger H, Snell J. Introduction to Web services architecture. IBM Syst J 2002.
19. Hallam-Baker P, Hodges J, Maler E, McLaren C, Irving R. SAML 1. 0 specification, 〈http://www.oasis-open.org/committees/tc_home.php?wg_abbrev= security〉; 2003.
20. IETF Policy Framework Working Group. A framework for policy-based admission control, 〈http://www.ietf.org/rfc/rfc2753.txt〉; 2003.
21. Java 2 platform, enterprise edition, 〈http://java.sun.com/j2ee/ 〉.
22. Johnston W, Mudumbai S, Thompson M. Authorization and attribute certificates for widely distributed access control. In: Proceedings of seventh IEEE international workshops on enabling technologies: infrastructure for collaborative enterprises. IEEE Press; 1998. p. 340-5.
23. Kraft R. A model for network services on the Web. Proceedings of the third international conference on Internet computing, IC 2002, 3:536:541, Las Vegas; June 2002.
24. Lam SS, Woo TYC. A framework for distributed authorization. In: Proceedings of the first ACM conference on computer and communications security. ACM Press; 1993. p. 112-8.
25. Microsoft.NET platform, 〈http://www.microsoft.com/net/〉.
26. Sandu R. Access control: the neglected frontier. Proceedings of the first Australian conference on information security and privacy. Wollongong, Australia; June 23-26, 1996.