
Study of Access Control Issue in Web Services

International Journal of Computer Applications
© 2012 by IJCA Journal
Volume 49 - Number 1
Year of Publication: 2012
Authors:
Abolfazl Esfandi
Mehdi Sabbari
DOI: 10.5120/7589-7647

Abolfazl Esfandi and Mehdi Sabbari. Article: Study of Access Control Issue in Web Services. International Journal of Computer Applications 49(1):11-16, July 2012. Full text available. BibTeX

@article{key:article,
	author = {Abolfazl Esfandi and Mehdi Sabbari},
	title = {Article: Study of Access Control Issue in Web Services},
	journal = {International Journal of Computer Applications},
	year = {2012},
	volume = {49},
	number = {1},
	pages = {11-16},
	month = {July},
	note = {Full text available}
}

Abstract

Security is an important issue that must be well defined in a Service Oriented Architecture (SOA) environment so that it can be applied when implementing web services. In this article, we focus on one important aspect of SOA security: access control. The article explains the security requirements that must be met and proposes a conceptual model of the requirements in this field based on those needs. Each requirement is then discussed separately, along with the available techniques and standards. Since different models such as IBAC, RBAC, ABAC and RAdAC have been presented so far, these existing models are explained. Finally, the structure of the ABAC model, which is more compatible with SOA, is compared with that of the RBAC model, which is the most widely used today.
