| Skip to main content | Skip to navigation |

Register Now!

Access Control Enforcement for Conversation-based Web Services

  • Massimo Mecella, Dipartimento di Informatica e Sistemistica, Università di Roma "La Sapienza", Italy
  • Mourad Ouzzani, Cyber Center, Discovery Park Purdue University, USA
  • Federica Paci, Dipartimento di Informatica e Comunicazione Università degli Studi di Milano, Italy
  • Elisa Bertino, CERIAS and Department of Computer Sciences, Purdue University, USA

Full text:

Presentation Slides:

Track: XML and Web Services

Service Oriented Computing is emerging as the main approach to build distributed enterprise applications on the Web. The widespread use of Web services is hindered by the lack of adequate security and privacy support. In this paper, we present a novel framework for enforcing access control in conversation-based Web services. Our approach takes into account the conversational nature of Web services. This is in contrast with existing approaches to access control enforcement that assume a Web service as a set of independent operations. Furthermore, our approach achieves a tradeoff between the need to protect Web service's access control policies and the need to disclose to clients the portion of access control policies related to the conversations they are interested in. This is important to avoid situations where the client cannot progress in the conversation due to the lack of required security requirements. We introduce the concept of k-trustworthiness that defines the conversations for which a client can provide credentials maximizing the likelihood that it will eventually hit a final state.

Citation

Mecella, M., Ouzzani, M., Paci, F., and Bertino, E. 2006. Access control enforcement for conversation-based web services. In Proceedings of the 15th International Conference on World Wide Web (Edinburgh, Scotland, May 23 - 26, 2006). WWW '06. ACM Press, New York, NY, 257-266.
DOI= http://doi.acm.org/10.1145/1135777.1135818

Organised by

ECS Logo

in association with

BCS Logo ACM Logo

Platinum Sponsors

Sponsor of The CIO Dinner


Become a sponsor or exhibitor
Valid XHTML 1.0! IFIP logo WWW Conference Committee logo Web Consortium logo Valid CSS!