A fine-grained access control model for Web services

E. Bertino; A. C. Squicciarini; D. Mevi

doi:10.1109/RIDE.2004.1281700

A fine-grained access control model for Web services

E. Bertino, A. C. Squicciarini, D. Mevi

College of Information Sciences and Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

28 Scopus citations

Abstract

The emerging Web service technology has enabled the development of Internet-based applications that integrate distributed and heterogeneous systems and processes which are owned by different organizations. However, while Web services are rapidly becoming a fundamental paradigm for the development of complex Web applications, several security issues still need to be addressed. Among the various open issues concerning security, an important issue is represented by the development of suitable access control models, able to restrict access to Web services to authorized users. In this paper we present an innovative access control model for Web services. The model is characterized by a number of key features, including identity attributes and service negotiation capabilities. We also discuss an architecture implementing the model and we propose the use of a certificate scheme able to support the exchange and verification of subject attributes.

Original language	English (US)
Title of host publication	Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004
Editors	L.J. Zhang, M. Li, A.P. Sheth, K.G. Jeffery
Pages	33-40
Number of pages	8
DOIs	https://doi.org/10.1109/RIDE.2004.1281700
State	Published - Oct 11 2004
Event	Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004 - Shanghai, China Duration: Sep 15 2004 → Sep 18 2004

Publication series

Name	Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004

Other

Other	Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004
Country/Territory	China
City	Shanghai
Period	9/15/04 → 9/18/04

All Science Journal Classification (ASJC) codes

Engineering(all)

Access to Document

10.1109/RIDE.2004.1281700

Cite this

Bertino, E., Squicciarini, A. C., & Mevi, D. (2004). A fine-grained access control model for Web services. In L. J. Zhang, M. Li, A. P. Sheth, & K. G. Jeffery (Eds.), Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004 (pp. 33-40). (Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004). https://doi.org/10.1109/RIDE.2004.1281700

@inproceedings{ea5f3b6068ec45c482043258bcfc2252,

title = "A fine-grained access control model for Web services",

abstract = "The emerging Web service technology has enabled the development of Internet-based applications that integrate distributed and heterogeneous systems and processes which are owned by different organizations. However, while Web services are rapidly becoming a fundamental paradigm for the development of complex Web applications, several security issues still need to be addressed. Among the various open issues concerning security, an important issue is represented by the development of suitable access control models, able to restrict access to Web services to authorized users. In this paper we present an innovative access control model for Web services. The model is characterized by a number of key features, including identity attributes and service negotiation capabilities. We also discuss an architecture implementing the model and we propose the use of a certificate scheme able to support the exchange and verification of subject attributes.",

author = "E. Bertino and Squicciarini, {A. C.} and D. Mevi",

year = "2004",

month = oct,

day = "11",

doi = "10.1109/RIDE.2004.1281700",

language = "English (US)",

isbn = "0769522254",

series = "Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004",

pages = "33--40",

editor = "L.J. Zhang and M. Li and A.P. Sheth and K.G. Jeffery",

booktitle = "Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004",

note = "Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004 ; Conference date: 15-09-2004 Through 18-09-2004",

}

Bertino, E, Squicciarini, AC & Mevi, D 2004, A fine-grained access control model for Web services. in LJ Zhang, M Li, AP Sheth & KG Jeffery (eds), Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004. Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004, pp. 33-40, Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004, Shanghai, China, 9/15/04. https://doi.org/10.1109/RIDE.2004.1281700

A fine-grained access control model for Web services. / Bertino, E.; Squicciarini, A. C.; Mevi, D.
Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004. ed. / L.J. Zhang; M. Li; A.P. Sheth; K.G. Jeffery. 2004. p. 33-40 (Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - A fine-grained access control model for Web services

AU - Bertino, E.

AU - Squicciarini, A. C.

AU - Mevi, D.

PY - 2004/10/11

Y1 - 2004/10/11

N2 - The emerging Web service technology has enabled the development of Internet-based applications that integrate distributed and heterogeneous systems and processes which are owned by different organizations. However, while Web services are rapidly becoming a fundamental paradigm for the development of complex Web applications, several security issues still need to be addressed. Among the various open issues concerning security, an important issue is represented by the development of suitable access control models, able to restrict access to Web services to authorized users. In this paper we present an innovative access control model for Web services. The model is characterized by a number of key features, including identity attributes and service negotiation capabilities. We also discuss an architecture implementing the model and we propose the use of a certificate scheme able to support the exchange and verification of subject attributes.

AB - The emerging Web service technology has enabled the development of Internet-based applications that integrate distributed and heterogeneous systems and processes which are owned by different organizations. However, while Web services are rapidly becoming a fundamental paradigm for the development of complex Web applications, several security issues still need to be addressed. Among the various open issues concerning security, an important issue is represented by the development of suitable access control models, able to restrict access to Web services to authorized users. In this paper we present an innovative access control model for Web services. The model is characterized by a number of key features, including identity attributes and service negotiation capabilities. We also discuss an architecture implementing the model and we propose the use of a certificate scheme able to support the exchange and verification of subject attributes.

UR - http://www.scopus.com/inward/record.url?scp=4644227527&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=4644227527&partnerID=8YFLogxK

U2 - 10.1109/RIDE.2004.1281700

DO - 10.1109/RIDE.2004.1281700

M3 - Conference contribution

AN - SCOPUS:4644227527

SN - 0769522254

SN - 9780769522258

T3 - Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004

SP - 33

EP - 40

BT - Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004

A2 - Zhang, L.J.

A2 - Li, M.

A2 - Sheth, A.P.

A2 - Jeffery, K.G.

T2 - Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004

Y2 - 15 September 2004 through 18 September 2004

ER -

A fine-grained access control model for Web services

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this