Web Services Enabled E-Market Access Control Model

International Journal of Web Services Research (IJWSR)

Volumn 1, Issue 1, 2004, Pages 21-40

  Wang, Harry J ^a   Cheng, Hsing K ^b   Zhao, J Leon ^a  

^a UNIVERSITY OF ARIZONA   (United States)

^b UNIVERSITY OF FLORIDA   (United States)

Author keywords

access control; data security; e market; inter organizational workflow; web services

Indexed keywords

EID: 85001833332     PISSN: 15457362     EISSN: 15465004     Source Type: Journal    
DOI: 10.4018/jwsr.2004010102     Document Type: Article

References (26)

1. Ahn, G. & Sandhu, R. (2000). Role-based authorization Constraints Specification. ACM Transactions on Information and System Security, 3(4), 207–226.
2. Baron, J. P., Shaw, M. J., & Bailey, A. D. (2000). Web-based e-catalog systems in B2B procurement. Communications of the ACM, 43(5), 93–100.
3. BEA System, IBM Corporation and Microsoft Corporation, Inc. (2002) Business Process Execution Language for Web Services, Version 1.0. http:// www.bim.com/developerworks/library/ ws-bpel.
4. Bertino, E., Bonatti, P. A., & Ferrari, E. (2001) TRBAC: A Temporal Role-Based Access Control Model, ACM Transactions on Information and System Security, 4(3), 191–223.
5. Bertino, E., Catania, B., Ferrari, E. & Perlasca, P. (2003). A logical framework for reasoning about access control models. ACM Transactions on Inofrmation and System Security, 6(1), 71–127.
6. Bertino, E., Ferrari, E. & Atluri, V. (1999). The specifiction and enformcement of authorization constraints in workflow management systems. ACM Transactions on Information and System Security, 2(1), 65–104.
7. Casati, F., Castano, S. & Fugini, M. (2001) Managing Workflow Authorization Constraints through Active Database Technology. Information Systems Frontiers, 3(3), 319–338.
8. Cohen, E., Thomas, R.K., Winsborough, W. & Shands, D. (2002) Models for Coalition-based Access Control (CBAC). Seventh ACM Symposium on Access Control Models and Technologies, Monterey, California. eMarket Services. (2002). Introduction to eMarkets. http:// www.emarketservices.com.
9. Feldman, S. (2000). Electronic marketplaces. IEEE Internet computing, July-August, 93–95.
10. Ferralolo, D. F., Sandhu, R., Gavrila, S., Kuhn, D. R. & Chandramouli, R. (2001). Proposed NIST Standard for Role-based Access Control. ACM Transactions on Information and System Security, 4(3), 224–274
11. Geppert, A., Kradolfer, M. & Tombros, D. (1998) Federating heterogeneous workflow systems. Technical Report 05, Department of Computer Science, University of Zrich.
12. Joshi, J. B. D., Aref, W. G., Ghafoor, A. & Spafford, E. H. (2001) Security models for web-based applications. Communications of the ACM, 44(2), 38–44.
13. Kang, H.M., Park, J.S. & Froscher, J.N. (2001) Access Control Mechanisms for Inter-organizational Workflow. 6th ACM Symp. on Access Control Models and Technologies, 66–74.
14. Kreger, H. (2003) Fulfilling the Web services promise, Communications of the ACM, (46)6, 29–34.
15. Kreger, H. (2001) Web Services Conceptual Architecture. IBM Software Group, May 2001. http://www-3.ibm.com/ software/solutions/webservices/pdf/ WSCA.pdf.
16. Lee, J., Yang, J. & Chung, J. (2002) Winslow: A Business Process Management System with Web Services. Technical Paper, IBM T.J. Watson Research Center.
17. Leymann, F., Roller, D. & Schmidt M.T. (2002) Web services and business process management. IBM Systems Journal, Special Issue on New Developments in Web Services and E-commerce, 41(2), 198–211.
18. Medjahed, B., Benatallah, B., Bouguettaya, A., Ngu, A. H. H., & Elmagarmid, A. K. (2003). Business-to-business interactions: issues and enabling technologies. The VLDB Journal, 12, 59–85.
19. Nagappan, R., Skoczylas, R. & Sriganesh, R. P. (2003). Developing Java Web Services. John Wiley & Sons.
20. OASIS (2003). extensible access control markup language (XACML) version 1.0. http://www. oasis-open.org/ committees/xacml/repository/.
21. OASIS (2002). Assertions and protocol for the OASIS security assertion markup language (SAML). http:// www.oasis-open.org/committees/ security/docs/.
22. Sandhu, R.S., Coyne, E.J., Feinstein, H.L. & Youman, C.E. (1996) Role-based Access Control Models. IEEE Computer, 29(2), 38–47.
23. Thomas, R. K. (1997) Team-based Access Control (TMAC): A Primitive for Applying Role-based Access Controls in Collaborative Environments. 2nd ACM Workshop on Role-Based Access Control, Nov. 6–7, 13 -19.
24. Thomas, R.K. & Sandhu, R.S. (1997) Task-based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-oriented Authorization Management. Proceedings of the IFIP WG11.3 Workshop on Database Security, Lake Tahoe, California, August 11–13.
25. van der Aalst., W.M.P. (1999) Interorganizational Workflows: An Approach based on Message Sequence Charts and Petri Nets. Systems Analysis- Modelling-Simulation. 34(3), 335–367.
26. Zhao, J. L., Wang, H. J., Huang, S. S. & Chen, G. (2002) Relationship driven access control in a supply web. Proceedings of the 12th Workshop on Information Technology and Systems (WITS'O2), Barcelona, Spain.