Dynamic Access Control Policies and Web-Service Composition

نویسندگان

  • F. Siewe
  • H. Janicke
  • K. Jones
چکیده

Service composition is a fundamental technique for developing web-service applications. In general, a single service is not enough to achieve the user’s goal, rather several services, often from different providers, are composed dynamically to satisfy a request. Ensuring security in such a system is challenging and not supported by most of the security frameworks proposed in current literature. This paper presents a formal model for composing security policies dynamically to cope with changes in requirements or occurrences of events. The model can be used to specify the security policies of web-services and to reason about their composition. We illustrate our approach with a simple example from healthcare services.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

A model for specification, composition and verification of access control policies and its application to web services

Despite significant advances in the access control domain, requirements of new computational environments like web services still raise new challenges. Lack of appropriate method for specification of access control policies (ACPs), composition, verification and analysis of them have all made the access control in the composition of web services a complicated problem. In this paper, a new indepe...

متن کامل

AModel for Specification, Composition andVerification of Access Control Policies and Its Application toWeb Services

Despite significant advances in the access control domain, requirements of new computational environments like web services still raise new challenges. Lack of appropriate method for specification of access control policies (ACPs), composition, verification and analysis of them have all made the access control in the composition of web services a complicated problem. In this paper, a new indepe...

متن کامل

Mediating Semantic Web Service Access using the Semantic Firewall

As the technical infrastructure to support Grid environments matures, attention should focus on providing dynamic access to services, whilst ensuring such access is appropriately monitored and secured. Access policies may be dynamic, whereby intra-organisational workflows define local knowledge that could be used to establish appropriate credentials necessary to access the desired service. We d...

متن کامل

Specification of Access Control and Certification Policies for Semantic Web Services

Web service providers specify access control policies to restrict access to their Web services. It turned out, that since the Web is an open, distributed and dynamic environment, in which a central controlling instance cannot be assumed, capability based access control is most suitable for this purpose. However, since practically every participant can certify capabilities defined in his/her own...

متن کامل

A Policy-Based Authorization System for Web Services: Integrating X-GTRBAC and WS-Policy

Authorization and access control in Web services is complicated by the unique requirements of the dynamic Web services paradigm. Amongst them is the requirement for a context-aware access control specification and a processing model to apply fine-grained access control on various components of a Web service. In this paper, we address these two requirements and present a policy-based authorizati...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2005