A Web Service Architecture for Enforcing Access Control Policies

Cited by: 17
Authors
Ardagna, Claudio Agostino [1]
Damiani, Ernesto [1]
di Vimercati, Sabrina De Capitani [1]
Samarati, Pierangela [1]
Affiliations
[1] Univ Milan, Dipartimento Tecnol Informaz, I-26013 Crema, Italy
Keywords
Web Services; security; interoperability; distributed systems; XML
DOI
10.1016/j.entcs.2004.09.044
Chinese Library Classification number
TP301 [Theory, Methods]
Discipline classification code
081202
Abstract
Web services represent a challenge and an opportunity for organizations wishing to expose product and service offerings through the Internet. The Web service technology provides an environment in which service providers and consumers can discover each other and conduct business transactions through the exchange of XML-based documents. However, any organization using XML and Web Services must ensure that only the right users, sending the appropriate XML content, can access their Web Services. Access control policy specification for controlling access to Web services is then becoming an emergent research area due to the rapid development of Web services in the modern economy. This paper is an effort to understand the basic concepts for securing Web services and the requirements for implementing secure Web services. We describe the design and implementation of a Web service architecture for enforcing access control policies; the overall rationale and some specific choices of our design are discussed.
Pages: 47-62
Number of pages: 16
Related papers
50 in total
  • [41] A practical aspect framework for enforcing fine-grained access control in web applications
    Chen, K
    Huang, CM
    INFORMATION SECURITY PRACTICE AND EXPERIENCE, 2005, 3439 : 156 - 167
  • [42] Access Control Policies for Web Services in Medical Aid System
    Kuang, Li-Qun
    Zhang, Yuan
    Han, Xie
    2009 INTERNATIONAL CONFERENCE ON INFORMATION MANAGEMENT, INNOVATION MANAGEMENT AND INDUSTRIAL ENGINEERING, VOL 2, PROCEEDINGS, 2009, : 167 - 170
  • [43] Specification of access control and certification policies for semantic web services
    Agarwal, S
    Sprick, B
    E-COMMERCE AND WEB TECHNOLOGIES, PROCEEDINGS, 2005, 3590 : 348 - 357
  • [44] Types for Workflow Access Control in Web Service Context
    Lu, Yahui
    Zhang, Li
    2009 IEEE CONGRESS ON SERVICES (SERVICES-1 2009), VOLS 1 AND 2, 2009, : 621 - +
  • [45] An access control system for a web map management service
    Bertino, E
    Damiani, ML
    Momini, D
    14TH INTERNATIONAL WORKSHOP ON RESEARCH ISSUES ON DATA ENGINEERING: WEB SERVICES FOR E-COMMERCE AND E-GOVERNMENT APPLICATIONS, PROCEEDINGS, 2004, : 33 - 39
  • [46] Access Control for Human Tasks in Service Oriented Architecture
    Wang, Xin
    Zhang, Yanchun
    Shi, Hao
    PROCEEDINGS OF THE ICEBE 2008: IEEE INTERNATIONAL CONFERENCE ON E-BUSINESS ENGINEERING, 2008, : 455 - 460
  • [47] A SRP based handler for Web service access control
    Silva, FO
    Pacheco, JAA
    Rosa, PF
    2004 IEEE INTERNATIONAL CONFERENCE ON SERVICES COMPUTING, PROCEEDINGS, 2004, : 57 - 62
  • [48] Concurrent access to a virtual microscope using a web service oriented architecture
    Corredor, German
    Iregui, Marcela
    Arias, Viviana
    Romero, Eduardo
    IX INTERNATIONAL SEMINAR ON MEDICAL INFORMATION PROCESSING AND ANALYSIS, 2013, 8922
  • [49] EPICS: A Framework for Enforcing Security Policies in Composite Web Services
    Ranchal, Rohit
    Bhargava, Bharat
    Angin, Pelin
    ben Othmane, Lotfi
    IEEE TRANSACTIONS ON SERVICES COMPUTING, 2019, 12 (03) : 415 - 428
  • [50] Specifying and enforcing application-level Web security policies
    Scott, D
    Sharp, R
    IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING, 2003, 15 (04) : 771 - 783