Abstract
Web service providers specify access control policies to restrict access to their Web services. It turned out, that since the Web is an open, distributed and dynamic environment, in which a central controlling instance cannot be assumed, capability based access control is most suitable for this purpose. However, since practically every participant can certify capabilities defined in his/her own terminology, determining the semantics of certified capabilities and the trustworthiness of certification authorities are two major challenges in such a setting. In this paper, we show, (1) how certification authorities and their certification policies can be modeled semantically (2) how Web service providers can specify and check the consistency of their access control policies and (3) how end users can check automatically, whether they have access to a Web service.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Agarwal, S., Sprick, B.: Access control for semantic web services. In: 1st International Conference on Web Services (2004)
Agarwal, S., Sprick, B., Wortmann, S.: Credential based access control for semantic web services. In: AAAI Spring Symposium 2004 - Semantic Web Services (2004)
Stefan Kelm, S.S.C.: The pki page – extensive list of certification authorities (2004), http://www.pki-page.org/
Biskup, J., Wortmann, S.: Towards a credential-based implementation of compound access control policies. Technical report, University of Dortmund (2003), http://ls6-www.cs.uni-dortmund.de/issi/publications
Bonatti, P., de Capitani di Vimercati, S., Samarati, P.: An algebra for composing access control policies. ACM Transactions on Information and System Security (TISSEC) 5(1), 1–35 (2002)
Ankolekar, A., Burstein, M.H., Hobbs, J.R., Lassila, O., Martin, D., McDermott, D.V., McIlraith, S.A., Narayanan, S., Paolucci, M., Payne, T.R., Sycara, K.: DAML-S: Web Service Description for the Semantic Web. In: Horrocks, I., Hendler, J. (eds.) ISWC 2002. LNCS, vol. 2342, pp. 348–363. Springer, Heidelberg (2002)
Denker, G., Kagal, L., Finin, T., Sycara, K., Paolucci, M.: Security for daml web services: Annotation and matchmaking. In: Fensel, D., Sycara, K., Mylopoulos, J. (eds.) ISWC 2003. LNCS, vol. 2870, pp. 335–350. Springer, Heidelberg (2003)
Kagal, L., Paolucci, M., Srinivasan, N., Denker, G., Finin, T., Katia, S.: Authorization and privacy for semantic web services. In: Proc. of AAAI Spring Symposium on Semantic Web Services (2004)
Kagal, L., Finin, T., Joshi, A.: Declarative Policies for Describing Web Service Capabilities and Constraints. In: W3C Workshop on Constraints and Capabilities for Web Services, Oracle Conference Center, Redwood Shores, CA, USA, W3C (2004)
Patwardhan, A., Korolev, V., Kagal, L., Joshi, A.: Enforcing Policies in Pervasive Environments. In: International Conference on Mobile and Ubiquitous Systems: Networking and Services. IEEE, Cambridge (2004)
Kagal, L., Finin, T., Joshi, A.: A Policy Language for A Pervasive Computing Environment. In: IEEE 4th International Workshop on Policies for Distributed Systems and Networks (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Agarwal, S., Sprick, B. (2005). Specification of Access Control and Certification Policies for Semantic Web Services. In: Bauknecht, K., Pröll, B., Werthner, H. (eds) E-Commerce and Web Technologies. EC-Web 2005. Lecture Notes in Computer Science, vol 3590. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11545163_35
Download citation
DOI: https://doi.org/10.1007/11545163_35
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28467-3
Online ISBN: 978-3-540-31736-4
eBook Packages: Computer ScienceComputer Science (R0)