A Logic-Based Access Control Approach For Web Services

Web Services technology lets organisations exploit software as a service. Services are accessed by method invocations, and method interfaces are described and published, possibly freely available. In Web Services environments, access control must cross the borders of security domains and be implemented between heterogeneous systems; interaction is between remotely located parties who may know little about each other. Access control generally assumes that identity has already been established. To overcome the limitations of identity-based solutions, domain-independent access control information is added to a message. Because a Web Service endpoint must integrate such information into its access control decision-making, several issues arise: whom to accept access control information from; what format that information must take; how to inform the requestor of that format; and how to grant access to methods on the basis of the presented information. To address these issues, a logic-based access control approach is defined for a Web Service endpoint. A logic-based authorization manager is described that provides a formal foundation of logical reasoning, enabling consistent access control decisions to be enforced over the resources of Web Services.
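The abstract leaves the mechanics of a "logic-based authorization manager" implicit. The following is an added illustration, not the paper's own system: a minimal Datalog-style forward-chaining engine in which the endpoint's trust anchors (which issuers it accepts, and for which attributes) and the per-method requirements are local facts, attribute assertions carried in the request message are added as `asserted` facts, and `permit(Requester, Method)` is derived by rules. All predicate names, issuer names, method names and the sample assertions below are constructed for the example. Note how an assertion from an untrusted issuer never contributes to a decision, and how the same fact base answers the "what format do you need" question for a requestor.

```python
"""Datalog-style authorization manager for a Web Service endpoint.

Added illustration of the abstract's idea; not the paper's implementation.
Terms are tuples; strings starting with '?' are variables. Forward chaining
runs to a fixpoint (finite facts, no function symbols, so it terminates).
"""

# --- Local facts of the endpoint's own security domain (constructed) -------
LOCAL_FACTS = [
    # Which remote issuers are trusted, and for which attribute name.
    ("trusted_issuer", "idp.partner.example", "role"),
    # Which attribute value each published method requires.
    ("method_requires", "getOrder", "role", "clerk"),
    ("method_requires", "cancelOrder", "role", "manager"),
    # Role hierarchy: manager is senior to clerk.
    ("senior", "manager", "clerk"),
]

# --- Attribute assertions carried in the request messages (constructed) ----
# (issuer, subject, attribute, value)
PRESENTED = [
    ("idp.partner.example", "alice", "role", "manager"),
    ("idp.partner.example", "bob", "role", "clerk"),
    ("self-asserted", "mallory", "role", "manager"),  # issuer not trusted
]

# --- Policy rules: (head, body) ---------------------------------------------
RULES = [
    # A presented attribute counts only if the issuer is trusted for it.
    (("has_attr", "?s", "?a", "?v"),
     [("asserted", "?i", "?s", "?a", "?v"), ("trusted_issuer", "?i", "?a")]),
    # A senior role implies every junior role (hierarchy made transitive).
    (("has_attr", "?s", "role", "?junior"),
     [("has_attr", "?s", "role", "?senior"), ("senior", "?senior", "?junior")]),
    (("senior", "?x", "?z"), [("senior", "?x", "?y"), ("senior", "?y", "?z")]),
    # Permit a method call when the requester holds the required attribute.
    (("permit", "?s", "?m"),
     [("method_requires", "?m", "?a", "?v"), ("has_attr", "?s", "?a", "?v")]),
]


def is_var(term):
    return isinstance(term, str) and term.startswith("?")


def unify(pattern, fact, binding):
    """Extend binding so pattern matches fact, or return None."""
    if len(pattern) != len(fact):
        return None
    b = dict(binding)
    for p, f in zip(pattern, fact):
        if is_var(p):
            if p in b and b[p] != f:
                return None
            b[p] = f
        elif p != f:
            return None
    return b


def match_body(body, facts, binding):
    """Yield every binding under which all body literals hold."""
    if not body:
        yield binding
        return
    for fact in facts:
        b = unify(body[0], fact, binding)
        if b is not None:
            yield from match_body(body[1:], facts, b)


def substitute(head, binding):
    return tuple(binding.get(t, t) if is_var(t) else t for t in head)


def infer(facts, rules):
    """Forward-chain to the least fixpoint and return all derived facts."""
    known = set(facts)
    while True:
        new = {substitute(head, b)
               for head, body in rules
               for b in match_body(body, known, {})} - known
        if not new:
            return known
        known |= new


def decide(requester, method, local_facts=LOCAL_FACTS,
           presented=PRESENTED, rules=RULES):
    """Access decision for one method invocation by one requester."""
    facts = list(local_facts) + [("asserted",) + a for a in presented]
    return ("permit", requester, method) in infer(facts, rules)


def advertise(method, local_facts=LOCAL_FACTS):
    """Tell a requestor which attributes a method needs and which
    issuers the endpoint accepts for them (the 'format' question)."""
    needs = [(f[2], f[3]) for f in local_facts
             if f[0] == "method_requires" and f[1] == method]
    issuers = {attr: sorted(f[1] for f in local_facts
                            if f[0] == "trusted_issuer" and f[2] == attr)
               for attr, _ in needs}
    return {"required": needs, "accepted_issuers": issuers}


if __name__ == "__main__":
    for who, meth in [("alice", "cancelOrder"), ("bob", "cancelOrder"),
                      ("bob", "getOrder"), ("mallory", "cancelOrder")]:
        print(who, meth, "->", "permit" if decide(who, meth) else "deny")
    print(advertise("cancelOrder"))
```

Because every decision is a derivation from the same rule set, two endpoints in the same domain holding the same facts reach the same verdict, which is the consistency property the abstract is after; the derivation chain (for instance `asserted` plus `trusted_issuer` giving `has_attr`, then `permit`) is also a ready-made audit record for why a call was allowed.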