Abstract
Security is a crucial aspect in any modern software system. We consider in this article the specification and the management of access control in in-house business applications which are coupled over the Internet using Web services. In-house business applications are usually built on a middleware in which security is an established aspect and security management tools are available. The integration of security in SOAP, however, is still an ongoing activity.
Therefore, we propose an access control model for Web services which originates from CORBA-based applications. This integration has the advantage of a unique access control policy for both the CORBA-based in-house application and the Web services. We implemented an infrastructure to enforce the access control policy and a comprehensive set of powerful XML-based management tools.
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Fink, T., Koch, M., Oancea, C. (2003). Specification and Enforcement of Access Control in Heterogeneous Distributed Applications. In: Jeckle, M., Zhang, LJ. (eds) Web Services - ICWS-Europe 2003. ICWS-Europe 2003. Lecture Notes in Computer Science, vol 2853. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39872-1_8
DOI: https://doi.org/10.1007/978-3-540-39872-1_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20125-0
Online ISBN: 978-3-540-39872-1
eBook Packages: Springer Book Archive