A Survey on Authorization Systems for Web Applications

Web services are the most important point of usage for the modern web architecture. The service-oriented architecture (SOA) used in web services offers a simple platform for integrating heterogeneous distributed web applications and services. The distributed and open nature of the present system makes it vulnerable to security issues such as Web Services Description Language (WSDL) spoofing, middleware hijacking, etc. Assuring security for web services in a way that resolves all security flaws is difficult. Authorization is an important aspect of assuring security. Authorization failures can create many vulnerabilities in systems that use web services, which are distributed in nature. This paper presents a survey of the authorization techniques for web services based applications.
