Improving Access Control for Mobile Consumers of Services by Use of Context and Trust within the Call-Stack
Access control is a key issue in the deployment of systems within corporations. To comply with legal and business requirements and to prevent unauthorized access, the identification and authentication of all users is required. This is typically achieved by using an access control system that performs the identification & authentication of each user at the point of entry into the system. However, as the systems evolve and thus become more complex it is difficult to ensure reliable access control, especially if they are accessed via mobile devices. This paper focuses on improving the existing access control approach for service-oriented systems by applying the concept of device comfort to service providers. Similar to the concept of device comfort, service providers are empowered to decide if they feel comfortable with requests sent to them. This paper presents and evaluates the idea of integrating trust evaluations into service-oriented systems by requiring each service provider to evaluate the trustworthiness of requests and to share their evaluations as part of the call-context within the call-stack.
KeywordsTrust Web Services Distributed Trust Management Mobile Clients Call-Stack
Unable to display preview. Download preview PDF.
- 1.Portio Research: “Portio Research Mobile Factbook 2009”, 37 pages (2009)Google Scholar
- 2.Yates, S.: Forester: Worldwide PC Adoption Forecast, 2007 To 2015, It’s Time To Focus On Emerging Markets For Future Growth, 21 pages (June 11, 2007) Google Scholar
- 3.Milanesi, C., et al.: ”Gartner: Competitive Landscape: Mobile Devices, Worldwide, 2009”, 11 pages (August 11, 2009) Google Scholar
- 4.Beccue, M.: ABI-Research Report RR-MCC: “Mobile Cloud Computing”, 64 pages (2009)Google Scholar
- 5.Schulte, R., Natis, Y.: Service Oriented Architecture, Gartner (April 12, 1996)Google Scholar
- 6.Four Tenets of Service Orientation, http://msdn.microsoft.com/msdnmag/issues/04/01/Indigo/default.aspx
- 7.Chatarji, J.: Introduction to Service Oriented Architecture, SOA, 5 pages (2004), http://www.devshed.com/c/a/Web-Services/Introduction-to-Service-Oriented-Architecture-SOA
- 8.Marsh, S., Briggs, P.: Defining and investigating Device comfort. In: IFIPTM 2010, pp. 17–24 (2010)Google Scholar
- 9.Wang, Y., Vassileva, J.: Toward Trust and Reputation Based Web Service Selection: A Survey. International Transactions on Systems Science and Applications 3(2), 118–132 (2007); (invited paper in the special Issue on New tendencies on Web Services and Multi-agent Systems (WS-MAS))Google Scholar
- 10.Maximilien, E., Singh, M.: Toward autonomic web services trust and selection. In: ICSOC 2004, pp. 212–221 (2004)Google Scholar
- 11.CAS, http://msdn.microsoft.com/en-us/library/c5tk9z76(v=vs.71).aspxGoogle Scholar
- 12.Fielding, R.: Architectural Styles and the Design of Network-based Software Architectures, Dissertation University of Irvine (2000), http://www.ics.uci.edu/~fielding/pubs/dissertation/top.htm