Abstract
The design of effective access control models, to meet the unique challenges posed by the web services paradigm, is a current research focus. Despite recent advances in this field, solutions are generally limited to controlling access to single operations of request-response nature. To ensure that a service is used appropriately, message exchanges can be grouped into conversations consisting of related messages that are governed by sequence constraints. Towards addressing the security of message exchanges, this paper describes an access control model for web services conversations. A trust and context aware access control model is presented that promotes the seamless execution of operations contained by web services conversations.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Coetzee, M., Eloff, J.H.P. (2007). A Trust and Context Aware Access Control Model for Web Services Conversations. In: Lambrinoudakis, C., Pernul, G., Tjoa, A.M. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2007. Lecture Notes in Computer Science, vol 4657. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74409-2_14
DOI: https://doi.org/10.1007/978-3-540-74409-2_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74408-5
Online ISBN: 978-3-540-74409-2
eBook Packages: Computer Science (R0)