Abstract.
Remote service invocation via HTTP and XML promises to become an important component of the Internet infrastructure. Work is ongoing in the W3C XML Protocol Working Group to define a common standard, and solutions like SOAP and XML-RPC are already used in a few situations, demonstrating the potential. However, no standard technique for access control security is currently defined for these protocols. In this paper, we propose an approach that relies on the XML structure of SOAP requests to support fine-grained authorizations at the level of individual XML elements and attributes that comprise a SOAP call. The result is a simple yet general technique to specify and enforce fine-grained access control for e-services.
Similar content being viewed by others
Author information
Authors and Affiliations
Additional information
Published online: 13 November 2001
Rights and permissions
About this article
Cite this article
Damiani, E., De Capitani di Vimercati, S., Paraboschi, S. et al. Securing SOAP e-services. IJIS 1, 100–115 (2002). https://doi.org/10.1007/s102070100009
Issue Date:
DOI: https://doi.org/10.1007/s102070100009