Service Oriented Computing is emerging as the main approach to build distributed enterprise applications on the Web. The widespread use of Web services is hindered by the lack of adequate security and privacy support. In this paper, we present a novel framework for enforcing access control in conversation-based Web services. Our approach takes into account the conversational nature of Web services. This is in contrast with existing approaches to access control enforcement that assume a Web service as a set of independent operations. Furthermore, our approach achieves a tradeoff between the need to protect Web service's access control policies and the need to disclose to clients the portion of access control policies related to the conversations they are interested in. This is important to avoid situations where the client cannot progress in the conversation due to the lack of required security requirements. We introduce the concept of k-trustworthiness that defines the conversations for which a client can provide credentials maximizing the likelihood that it will eventually hit a final state.

Access control enforcement for conversation-based web services / Mecella, Massimo; Mourad, Ouzzani; Federica, Paci; Elisa, Bertino. - (2006), pp. 257-266. (Paper presented at the 15th International Conference on World Wide Web, held in Edinburgh, Scotland, from 23 May 2006 through 26 May 2006) [10.1145/1135777.1135818].

Access control enforcement for conversation-based web services

MECELLA, Massimo;
2006

access control; conversations; transition systems; web services
04 Publication in conference proceedings::04b Conference paper in volume
Files attached to this item
File Size Format
VE_2006_11573-56342.pdf

archive managers only

Type: Publisher's version (published version with the publisher's layout)
License: All rights reserved
Size 348.69 kB
Format Adobe PDF


Use this identifier to cite or link to this document: https://hdl.handle.net/11573/56342

Citations
  • Scopus 46