Architectural Framework for Web Services Authorization

Sarath Indrakanti, Vijay Varadharajan, Michael Hitchens

Abstract

This paper proposes an authorization architecture for Web services. It describes the architectural framework, the administration and runtime aspects of our architecture and its components for secure authorization of Web services as well as the support for the management of authorization information. The paper also describes authorization algorithms required to authorize a Web service client. The architecture is currently being implemented within the .NET framework.

References

  1. World Wide Web Consortium (W3C), "SOAP v1.2, http://www.w3.org/TR/SOAP/," 2003.
  2. World Wide Web Consortium (W3C), "Web Services Description Language (WSDL) v1.1, http://www.w3.org/TR/wsdl," 2001.
  3. B. Atkinson et al, "Web Services Security (WS-Security) Specification, http://www106.ibm.com/developerworks/webservices/library/ws-secure/," 2002.
  4. S. Anderson et al., "Web Services Trust Language (WS-Trust), http://www106.ibm.com/developerworks/library/specification/ws-trust/," 2005.
  5. V. Varadharajan, "Distributed Authorization: Principles and Practice," in Coding Theory and Cryptology, Lecture Notes Series, Institute for Mathematical Sciences, National University of Singapore: Singapore University Press, 2002.
  6. S. Agarwal, B. Sprick, and S. Wortmann, "Credential Based Access Control for Semantic Web Services," American Association for Artificial Intelligence, 2004.
  7. R. Kraft, "Designing a Distributed Access Control Processor for Network Services on the Web," presented at ACM Workshop on XML Security, Fairfax, VA, USA, 2002.
  8. M. I. Yag├╝e and J. M. Troya, "A Semantic Approach for Access Control in Web Services," presented at Euroweb 2002 Conference. The Web and the GRID: from e-science to ebusiness, Oxford, UK, 2002.
  9. T. Ziebermayr and S. Probst, "Web Service Authorization Framework," presented at International Conference on Web Services (ICWS), San Diego, CA, USA, 2004.
  10. J. Bacon and K. Moody, "Toward open, secure, widely distributed services," Communications of the ACM, vol. 45, pp. 59-64, 2002.
  11. M. B. A. Ankolekar, J. R. Hobbs,O. Lassila, D. McDermott, D. Martin, S. A. McIlraith, S. Narayanan, M. Paolucci, T. Payne, K. Sycara, "DAML-S: Web Service Description for the Semantic Web," presented at 1st International Semantic Web Conference (ISWC), Sardinia, Italy, 2002.
  12. C. M. Ellison, B. Frantz, B. Lampson, R. L. Rivest, B. M. Thomson, and T. Ylonen, "Simple public key certificate, http://theworld.com/cme/html/spki.html," 1999.
Download


Paper Citation


in Harvard Style

Indrakanti S., Varadharajan V. and Hitchens M. (2005). Architectural Framework for Web Services Authorization . In Proceedings of the Joint Workshop on Web Services and Model-Driven Enterprise Information Systems - Volume 1: WSMDEIS, (ICEIS 2005) ISBN 972-8865-27-9, pages 97-106. DOI: 10.5220/0002565800970106


in Bibtex Style

@conference{wsmdeis05,
author={Sarath Indrakanti and Vijay Varadharajan and Michael Hitchens},
title={Architectural Framework for Web Services Authorization},
booktitle={Proceedings of the Joint Workshop on Web Services and Model-Driven Enterprise Information Systems - Volume 1: WSMDEIS, (ICEIS 2005)},
year={2005},
pages={97-106},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002565800970106},
isbn={972-8865-27-9},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Joint Workshop on Web Services and Model-Driven Enterprise Information Systems - Volume 1: WSMDEIS, (ICEIS 2005)
TI - Architectural Framework for Web Services Authorization
SN - 972-8865-27-9
AU - Indrakanti S.
AU - Varadharajan V.
AU - Hitchens M.
PY - 2005
SP - 97
EP - 106
DO - 10.5220/0002565800970106