Interactive Access Control for Web Services

Koshutanski, Hristo and Massacci, Fabio (2004) Interactive Access Control for Web Services. UNSPECIFIED. (In Press)


    Business Processes for Web Services (BPEL4WS) are the new paradigms for lightweight enterprise integration. They cross organizational boundaries and are provided by entities that see each other just as business partners. Web services require a shift in the access control mechanism: from identity-based access control to trust management and negotiation, but this is not enough for cross-organizational business processes. For many businesses, no partner may guess a priori what kind of credentials will be sent by clients, and clients may not know a priori which credentials are required for completing a business process. We propose a logical framework for reasoning about access control for BPEL4WS and a BPEL4WS-based implementation using the Collaxa server. Our model is based on interaction and exchange of requests for supplying or declining missing credentials. We identify the formal reasoning services (deduction, abduction, consistency checking) that characterise the problem and discuss their implementation.

    Item Type: Departmental Technical Report
    Department or Research center: Information Engineering and Computer Science
    Subjects: Q Science > QA Mathematics > QA075 Electronic computers. Computer science
    Uncontrolled Keywords: Web Services, Interactive Access Control, Security Management, Distributed Systems Security, Controlled Disclosure, Logics for Access Control.
    Additional Information: In proceedings of the 19th IFIP International Information Security Conference (SEC), (August 2004), Toulouse, France.
    Report Number: DIT-04-031
    Repository staff approval on: 08 Jun 2004
