A role based access control for Web services

Author

Wonohoesodo, Roosdiana ; Tari, Zahir

Author_Institution

Sch. of Comput. Sci. & Inf. Technol., R. Melbourne Inst. of Technol. Univ., Vic., Australia

fYear

2004

fDate

15-18 Sept. 2004

Firstpage

49

Lastpage

56

Abstract

Web services are vulnerable to various types of security attacks. We address one type of attacks, where applications trying to access services to which they are not authorized. Existing access control for Web services lack of support for global services. As such services are WAN-based, therefore access control needed to deal with various levels of Web services, including global (for composite services) and local level (for Web servers). We propose two access control: SWS-RBAC (for single services) and CWS-RBAC (for global services). Instead of protecting the content of the service´s parameters, these models protect the parameters themselves. The proposed approach introduces global roles, which are used in the mapping to local roles of other service providers. To maintain the autonomy of roles between providers, an efficient role-mapping mechanism has been proposed accordingly.

Keywords

Internet; XML; authorisation; file servers; CWS-RBAC access control; SWS-RBAC access control; WAN-based services; Web servers; Web services; XML; authorization; composite services; role based access control; role-mapping mechanism; Access control; Australia; Computer science; Information technology; Protection; Security; Simple object access protocol; Web and internet services; Web services; XML;

fLanguage

English

Publisher

ieee

Conference_Titel

Services Computing, 2004. (SCC 2004). Proceedings. 2004 IEEE International Conference on

Print_ISBN

0-7695-2225-4

Type

conf

DOI

10.1109/SCC.2004.1357989

Filename

1357989