论文信息 - Unifying private registry and web service access control

Unifying private registry and web service access control

Security is a key factor in any distributed computing environment and Web services-based environment is not an exception. The Security challenge includes, among other factors, registry and services access-control. In this paper we propose an access control approach that uses uniquely renamed per client service operation names and role based access control, which unifies registry and Web services access control mechanisms. The proposed approach is applicable in the wired as well as the wireless environments, and can support a wide spectrum of enterprises.

Robert Steele | Tharam S. Dillon | K Khankan

[1] Carlisle M. Adams,et al. UDDI and WSDL extensions for Web service: a security framework , 2002, XMLSEC '02.

[2] Gerald Brose. Securing Web Services with SOAP Security Proxies , 2003, ICWS.

[3] Sabrina De Capitani di Vimercati,et al. A fine-grained access control system for XML documents , 2002, TSEC.

[4] H. Raghav Rao,et al. A conceptual approach to information security in financial account aggregation , 2004, ICEC '04.

[5] Martin S. Olivier,et al. Database and Application Security XV, IFIP TC11/WG11.3 Fifteenth Annual Working Conference on Database and Application Security, July 15-18, 2001, Niagara on the Lake, Ontario, Canada , 2002, DBSec.

[6] Robert Steele,et al. UDDI Access Control for the Extended Enterprise , 2005, WEBIST.

[7] Elisa Bertino,et al. Securing XML Documents with Author-X , 2001, IEEE Internet Comput..

[8] Alban Gabillon,et al. Regulating Access to XML documents , 2001, DBSec.