Designing a distributed access control processor for network services on the Web
Full text: PDF (301 KB)
Source: Workshop on XML Security
Proceedings of the 2002 ACM Workshop on XML Security
Fairfax, VA
Session 2: Secure Web Services
Pages: 36-52
Year of Publication: 2002
ISBN: 1-58113-632-3
Author: Reiner Kraft, IBM Almaden Research Center, San Jose, CA
Sponsor: SIGSAC, ACM Special Interest Group on Security, Audit, and Control
Publisher: ACM, New York, NY, USA
Bibliometrics: Downloads (6 weeks): 19; Downloads (12 months): 182; Citation count: 4
DOI: http://doi.acm.org/10.1145/764792.764799

ABSTRACT

The service-oriented architecture (SOA) is gaining momentum with the advent of network services on the Web. A programmable, machine-accessible Web is the vision of many, and might represent a step towards the Semantic Web. However, security is a crucial requirement for the serious usage and adoption of Web services technology. This paper enumerates design goals for an access control model for Web services. It then introduces an abstract general model for Web services components, along with formal definitions and notation that can be used as a basis for designing an access control processor independent of any particular Web service implementation. This is followed by the design of a distributed access control processor built upon this general model for Web services, along with implementation guidelines and examples. The main goals for a general authorization framework are identified, and the design spaces are enumerated.
