An Access Control System for Business Processes for Web Services

Koshutanski, Hristo and Massacci, Fabio (2002) An Access Control System for Business Processes for Web Services. UNSPECIFIED. (Unpublished)

Download (584Kb) | Preview


    Web Services and Business Processes for Web Services are the new paradigms for the lightweight integration of business from different enterprises. Whereas the security and access control policies for basic web services and distributed systems are well studied and almost standardized, there is not yet a comprehensive proposal for an access control architecture for business processes. The major difference is that business process describe complex services that cross organizational boundaries and are provided by entities that sees each other as just partners and nothing else. This calls for a number of differences with traditional aspects of access control architectures such as: - credential vs classical user-based access control, - interactive and partner-based vs one-server-gathers-all requests of credentials from clients, - controlled disclosure of information vs all-or-nothing access control decisions, - abducing missing credentials for fulfilling requests vs deducing entailment of valid requests from credentials in formal models, - "source-code" authorization processes vs data describing policies for communicating policies or for orchestrating the work of authorization servers. Looking at the access control field we find good approximation of most components but not their synthesis into one access control architecture for business processes for web services, which is the contribution of this paper.

    Item Type: Departmental Technical Report
    Department or Research center: Information Engineering and Computer Science
    Subjects: Q Science > QA Mathematics > QA075 Electronic computers. Computer science
    Uncontrolled Keywords: Web services, interactive access control, e-business, security management, distributed systems security, controlled disclosure
    Report Number: DIT-02-102
    Repository staff approval on: 16 Jul 2003

    Actions (login required)

    View Item