A Role based Access Control for Web Services

Shanghai, China September 15-September 18

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/SCC.2004.1357989

Services Computing, 2004 IEEE Interna ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Roosdiana Wonohoesodo Articles by Zahir Tari

	ASCII Text	x
	Roosdiana Wonohoesodo, Zahir Tari, "A Role based Access Control for Web Services," Services Computing, IEEE International Conference on, pp. 49-56, Services Computing, 2004 IEEE International Conference on (SCC'04), 2004.

	BibTex	x
	@article{ 10.1109/SCC.2004.1357989, author = {Roosdiana Wonohoesodo and Zahir Tari}, title = {A Role based Access Control for Web Services}, journal ={Services Computing, IEEE International Conference on}, volume = {0}, year = {2004}, isbn = {0-7695-2225-4}, pages = {49-56}, doi = {http://doi.ieeecomputersociety.org/10.1109/SCC.2004.1357989}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Services Computing, IEEE International Conference on TI - A Role based Access Control for Web Services SN - 0-7695-2225-4 SP49 EP56 A1 - Roosdiana Wonohoesodo, A1 - Zahir Tari, PY - 2004 KW - null VL - 0 JA - Services Computing, IEEE International Conference on ER -

Roosdiana Wonohoesodo, RMIT University, Australia

Zahir Tari, RMIT University, Australia

Web services are vulnerable to various types of security attacks. This paper addresses one type of attacks, where applications trying to access services to which they are not authorized. Existing access control for web services lack of support for global services. As such services are WAN-based, therefore access control needed to deal with various levels of web services, including global (for composite services) and local level (for web servers). This paper proposes two access control: SWS-RBAC (for single services) and CWS-RBAC (for global services). Instead of protecting the content of the service's parameters, these models protect the parameters themselves. The proposed approach introduces global roles which are used in the mapping to local roles of other service providers. To maintain the autonomy of roles between providers, an efficient role-mapping mechanism has been proposed accordingly.

Citation:

Roosdiana Wonohoesodo, Zahir Tari, "A Role based Access Control for Web Services," scc, pp.49-56, Services Computing, 2004 IEEE International Conference on (SCC'04), 2004

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.