论文信息 - Web service authorization framework

Web service authorization framework

Web services represent an important technology for distributed applications and will replace various other technologies for distributed application development soon. A lot of problems of the early days of Web services are solved now. However, for authorization no appropriate solution is available and ready to use. We define requirements for authorization of Web services and investigate existing authorization solutions concerning these requirements. Based on existing authorization solutions and the defined requirements, a Web service authorization framework is developed. We describe concepts and the design of the proposed framework and give an overview of selected implementation aspects (e.g. authorization data access, descriptive deployment). The framework emphasizes easy deployment of Web Service authorization and is ready to use. Practical experience using the framework concludes the paper.

Thomas Ziebermayr | Stefan Probst

[1] F. O U N D S T O N E. Security in the Microsoft® .NET Framework , 2001 .

[2] Hans-Peter Steiert. Towards a component-based n-Tier C/S-architecture , 1998, ISAW '98.

[3] Monica Pawlan,et al. The J2EE Tutorial , 2004 .

[4] Reiner Kraft,et al. Designing a distributed access control processor for network services on the Web , 2002, XMLSEC '02.

[5] Ravi S. Sandhu,et al. The NIST model for role-based access control: towards a unified standard , 2000, RBAC '00.

[6] Edgar R. Weippl,et al. Role-Based Access Controls: Status, Dissemination, and Prospects for Generic Security Mechanisms , 2004, Electron. Commer. Res..

[7] Tim Moses,et al. EXtensible Access Control Markup Language (XACML) version 1 , 2003 .

[8] Awais Rashid,et al. XML Data Management: Native XML and XML-Enabled Database Systems , 2003 .

[9] Pierangela Samarati,et al. Authentication, access control, and audit , 1996, CSUR.