Credential Based Access Control for Semantic Web Services

In this paper we make a contribution to the proof and trust layer of the Semantic Web layer cake by integrating two well-founded techniques, namely DAML-S (for describing Web services with machine-processable semantics) and SPKI/SDSI (for specifying authorization-based access control). Our approach builds on the idea of autonomous granting of access rights and decision making based on independent trust structures. Our framework allows the specification of access-control-related and functionality-related aspects in a unified way that is manageable and efficient. Therefore, our approach is useful not only in typical Web-service-based applications (client-server architecture) but also in peer-to-peer and agent-based applications.
