Efficient Authorization of Rich Presence Using Secure and Composed Web Services

  • Conference paper
Web Information Systems and Technologies (WEBIST 2009)

Part of the book series: Lecture Notes in Business Information Processing (LNBIP, volume 45)

Abstract

This paper presents an extended Role-Based Access Control (RBAC) model for efficient authorization of rich presence using secure web services composed with an abstract presence data model. Following the information symmetry principle, the standard RBAC model is extended to support context-sensitive social relations and cascaded authority. In conjunction with the extended RBAC model, we introduce an extensible presence architecture prototype using WS-Security and WS-Eventing to secure rich presence information exchanges based on PKI certificates. Applications and performance measurements of our presence system are presented to show that the proposed RBAC framework for presence and collaboration is well suited for real-time communication and collaboration.

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Li, L., Chou, W. (2010). Efficient Authorization of Rich Presence Using Secure and Composed Web Services. In: Cordeiro, J., Filipe, J. (eds) Web Information Systems and Technologies. WEBIST 2009. Lecture Notes in Business Information Processing, vol 45. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12436-5_4

  • DOI: https://doi.org/10.1007/978-3-642-12436-5_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-12435-8

  • Online ISBN: 978-3-642-12436-5

  • eBook Packages: Computer Science (R0)
