Web services are designed to provide easier B2B integration among enterprises. UDDI defines a standard way for businesses to list their services and discover each other on the Internet. Due to security concerns, organizations prefer to build their own private UDDI registries in their corporate networks, accessible only to invited business partners. Because an organization may want only the right business partners to see only the service information they have permission to see, access control mechanisms inside the private registry are desirable. Hence, in this paper we propose a role-based access control model for private UDDI registries to help achieve information confidentiality inside corporate registries. Based on XACML, the model exploits XML's own ability to build access control in a UDDI registry.