Access control enforcement for conversation-based web services

Authors: Massimo Mecella, Mourad Ouzzani, Federica Paci, Elisa Bertino

DOI: 10.1145/1135777.1135818

Abstract: Service Oriented Computing is emerging as the main approach to build distributed enterprise applications on the Web. The widespread use of Web services is hindered by the lack of adequate security and privacy support. In this paper, we present a novel framework for enforcing access control in conversation-based Web services. Our approach takes into account the conversational nature of Web services. This is in contrast with existing approaches to access control enforcement that assume a Web service is a set of independent operations. Furthermore, our approach achieves a tradeoff between the need to protect the Web service's access control policies and the need to disclose to clients the portion of the access control policies related to the conversations they are interested in. This is important to avoid situations where the client cannot progress in the conversation due to the lack of required security requirements. We introduce the concept of k-trustworthiness, which defines the conversations for which a client can provide credentials, maximizing the likelihood that it will eventually hit a final state.
