Web services are vulnerable to various types of security attacks. We address one type of attacks, where applications trying to access services to which they are not authorized. Existing access control for Web services lack of support for global services. As such services are WAN-based, therefore access control needed to deal with various levels of Web services, including global (for composite services) and local level (for Web servers). We propose two access control: SWS-RBAC (for single services) and CWS-RBAC (for global services). Instead of protecting the content of the service's parameters, these models protect the parameters themselves. The proposed approach introduces global roles, which are used in the mapping to local roles of other service providers. To maintain the autonomy of roles between providers, an efficient role-mapping mechanism has been proposed accordingly.
[1]
Elisa Bertino,et al.
Author-X: A Java-Based System for XML Data Protection
,
2000,
DBSec.
[2]
Ernesto Damiani,et al.
Fine grained access control for SOAP E-services
,
2001,
WWW '01.
[3]
Elisa Bertino,et al.
Specifying and enforcing access control policies for XML document sources
,
2004,
World Wide Web.
[4]
Zahir Tari,et al.
A Role-Based Access Control for Intranet Security
,
1997,
IEEE Internet Comput..
[5]
Sabrina De Capitani di Vimercati,et al.
A fine-grained access control system for XML documents
,
2002,
TSEC.
[6]
Ernesto Damiani,et al.
Design and implementation of an access control processor for XML documents
,
2000,
Comput. Networks.