A role based access control for web services
- 23 December 2004
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
Web services are vulnerable to various types of security attacks. We address one type of attack, where applications try to access services to which they are not authorized. Existing access control for Web services lacks support for global services. As such services are WAN-based, access control needs to deal with various levels of Web services, including the global level (for composite services) and the local level (for Web servers). We propose two access control models: SWS-RBAC (for single services) and CWS-RBAC (for global services). Instead of protecting the content of the service's parameters, these models protect the parameters themselves. The proposed approach introduces global roles, which are used in the mapping to local roles of other service providers. To maintain the autonomy of roles between providers, an efficient role-mapping mechanism has been proposed accordingly.
This publication has 5 references indexed in Scilit:
- A fine-grained access control system for XML documents. ACM Transactions on Information and System Security, 2002
- Fine grained access control for SOAP E-services. Published by Association for Computing Machinery (ACM), 2001
- Design and implementation of an access control processor for XML documents. Computer Networks, 2000
- Specifying and enforcing access control policies for XML document sources. World Wide Web, 2000
- A role-based access control for intranet security. IEEE Internet Computing, 1997