An extended XACML model to ensure secure information access for web services

Authors: Shih-Chien Chou, Chun-Hao Huang

DOI: 10.1016/J.JSS.2009.06.045

Abstract: More and more software systems based on web services have been developed. Web service development techniques are thus becoming crucial. To ensure secure information access, access control should be taken into consideration when developing services. This paper proposes an extended XACML model named EXACML to for It is the technique of flow control. Primary features offered by are: (1) both requesters that protected, (2) precise than just "allow or reject" policy in existing models, (3) will deny non-secure during execution a even requester allowed invoke service.
