Ws-AC: A Fine Grained Access Control System for Web Services
Author
ELISA BERTINO , ANNA C. SQUICCIARINI , IVAN PALOSCIA , LORENZO MARTINO
Tech report number
CERIAS TR 2005-98
Abstract
The emerging Web service technology has enabled the development of Internet-based applications that
integrate distributed and heterogeneous systems and processes which are owned by different organizations.
However, while Web services are rapidly becoming a fundamental paradigm for the development of complex
Web applications, several security issues still need to be addressed. Among the various open issues concerning
security, an important issue is represented by the development of suitable access control models, able to restrict
access to Web services to authorized users. In this paper we present an innovative access control model for
Web services. The model is characterized by a number of key features, including identity attributes and
service negotiation capabilities. We formally define the protocol for carrying on negotiations, by specifying
the types of message to be exchanged and their contents, based on which requestor and provider can reach an
agreement about security requirements and services. We also discuss the architecture of the prototype we are
currently implementing. As part of the architecture we propose a mechanism for mapping our policies onto
the WS-Policy standard which provides a standardized grammar for expressing Web services policies
Booktitle
World Wide Web Journal, 2005
Institution
Computer Sciences Department and CERIAS, Purdue University, West Lafayette and Dipartimento di Informatica e Comunicazione, Universita
Key alpha
Ws-AC: A Fine Grained Access Control System for Web Services
Publisher
World Wide Web: Internet and Web Information Systems
Publication Date
2005-01-01
Copyright
006 Springer Science + Business Media, LLC.
Keywords
security, access control, distributed systems, web services, negotiation