An Authorization Framework for Sharing Data in Web Service Federations

  • Conference paper
Secure Data Management (SDM 2005)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 3674)

Abstract

In this paper we present our authorization framework that supports the dynamic set-up of Web service federations for sharing data within virtual federations. Building on previous work, where we showed how the access control of Web services can be consolidated with the access control of the underlying database systems, we focus on the delegation of trust across administrative boundaries, thus enabling inter-organizational collaboration. In order to restrict the flow of (possibly sensitive) access control information, authorization proceeds as an interplay of local and distributed policy enforcement. Scalability and performance of distributed policy enforcement are provided through caching techniques, which have to ensure strong cache consistency.

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wimmer, M., Kemper, A. (2005). An Authorization Framework for Sharing Data in Web Service Federations. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2005. Lecture Notes in Computer Science, vol 3674. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11552338_4

  • DOI: https://doi.org/10.1007/11552338_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-28798-8

  • Online ISBN: 978-3-540-31974-0

  • eBook Packages: Computer Science, Computer Science (R0)
