Abstract
This paper considers the authorization service requirements for the service oriented architecture and proposes an authorization architecture for Web services. It describes the architectural framework, the administration and runtime aspects of our architecture, and its components for secure authorization of Web services, as well as the support for the management of authorization information. The proposed architecture has several benefits. It is able to support legacy applications exposed as Web services as well as new Web service based applications built to leverage the benefits offered by the service oriented architecture. It can support multiple access control models and mechanisms, it is decentralized and distributed, and it provides flexible management and administration of Web services and related authorization information. The proposed architecture can be integrated into existing middleware platforms to provide enhanced security to exposed Web services. The architecture is currently being implemented within the .NET framework.
Copyright information
© 2005 IFIP International Federation for Information Processing
About this paper
Cite this paper
Indrakanti, S., Varadharajan, V. (2005). An Authorization Architecture for Web Services. In: Jajodia, S., Wijesekera, D. (eds) Data and Applications Security XIX. DBSec 2005. Lecture Notes in Computer Science, vol 3654. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11535706_17
DOI: https://doi.org/10.1007/11535706_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28138-2
Online ISBN: 978-3-540-31937-5
eBook Packages: Computer Science (R0)