Abstract
In this paper we present our authorization framework that supports the dynamic set-up of Web service federations for sharing data within virtual federations. Building on previous work, where we showed how the access control of Web services can be consolidated with the access control of the underlying database systems, we focus on the delegation of trust across administrative boundaries, thus enabling inter-organizational collaboration. In order to restrict the flow of (possibly sensitive) access control information, authorization proceeds as an interplay of local and distributed policy enforcement. Scalability and performance of distributed policy enforcement are provided through caching techniques, which have to ensure strong cache consistency.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wimmer, M., Kemper, A. (2005). An Authorization Framework for Sharing Data in Web Service Federations. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2005. Lecture Notes in Computer Science, vol 3674. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11552338_4
DOI: https://doi.org/10.1007/11552338_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28798-8
Online ISBN: 978-3-540-31974-0
eBook Packages: Computer Science (R0)