Ws-AC: A Fine Grained Access Control System for Web Services

Get BibTex-formatted data

Author

Elisa Bertino, Anna C. Squicciarini, Ivan Paloscia, Lorenzo Martin

Entry type

article

Abstract

The emerging Web service technology has enabled the development of Internet-based applications that integrate distributed and heterogeneous systems and processes which are owned by different organizations. However, while Web services are rapidly becoming a fundamental paradigm for the development of complex Web applications, several security issues still need to be addressed. Among the various open issues concerning security, an important issue is represented by the development of suitable access control models, able to restrict access to Web services to authorized users. In this paper we present an innovative access control model for Web services. The model is characterized by a number of key features, including identity attributes and service negotiation capabilities. We formally define the protocol for carrying on negotiations, by specifying the types of message to be exchanged and their contents, based on which requestor and provider can reach an agreement about security requirements and services. We also discuss the architecture of the prototype we are currently implementing. As part of the architecture we propose a mechanism for mapping our policies onto the WS-Policy standard which provides a standardized grammar for expressing Web services policies.

Date

2006 – 06

URL

http://www.springerlink.com/content/u462277705252707/

Journal

World Wide Web

Key alpha

Bertino

Pages

143-171

Publisher

Springer Netherlands

Volume

Affiliation

Purdue University

Publication Date

2006-06-00

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Article{ Bertino,
	title = " Ws-AC: A Fine Grained Access Control System for Web Services",
	author = "Elisa Bertino, Anna C. Squicciarini, Ivan Paloscia, Lorenzo Martin",
	year = "2006",
	month = "06",
	journal = "World Wide Web",
	pages = "143-171",
	publisher = "Springer Netherlands",
	volume = "9",
	abstract = "The emerging Web service technology has enabled the development of Internet-based applications that integrate distributed and heterogeneous systems and processes which are owned by different organizations. However, while Web services are rapidly becoming a fundamental paradigm for the development of complex Web applications, several security issues still need to be addressed. Among the various open issues concerning security, an important issue is represented by the development of suitable access control models, able to restrict access to Web services to authorized users. In this paper we present an innovative access control model for Web services. The model is characterized by a number of key features, including identity attributes and service negotiation capabilities. We formally define the protocol for carrying on negotiations, by specifying the types of message to be exchanged and their contents, based on which requestor and provider can reach an agreement about security requirements and services. We also discuss the architecture of the prototype we are currently implementing. As part of the architecture we propose a mechanism for mapping our policies onto the WS-Policy standard which provides a standardized grammar for expressing Web services policies.",
	affiliation = "Purdue University",
	url = "http://www.springerlink.com/content/u462277705252707/",
}