Specification and Enforcement of Access Control in Heterogeneous Distributed Applications

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2853)

Abstract

Security is a crucial aspect of any modern software system. In this article we consider the specification and management of access control for in-house business applications that are coupled over the Internet using Web services. In-house business applications are usually built on a middleware in which security is an established aspect and security management tools are available. The integration of security into SOAP, however, is still an ongoing activity.

We therefore propose an access control model for Web services that originates from CORBA-based applications. This integration has the advantage of a single access control policy for both the CORBA-based in-house application and the Web services. We implemented an infrastructure to enforce the access control policy, together with a comprehensive set of powerful XML-based management tools.

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Fink, T., Koch, M., Oancea, C. (2003). Specification and Enforcement of Access Control in Heterogeneous Distributed Applications. In: Jeckle, M., Zhang, LJ. (eds) Web Services - ICWS-Europe 2003. ICWS-Europe 2003. Lecture Notes in Computer Science, vol 2853. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39872-1_8

  • DOI: https://doi.org/10.1007/978-3-540-39872-1_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-20125-0

  • Online ISBN: 978-3-540-39872-1

  • eBook Packages: Springer Book Archive
