A fine-grained access control model for Web services

E. Bertino, Anna Squicciarini, D. Mevi

Research output: Chapter in Book/Report/Conference proceedingConference contribution

26 Citations (Scopus)

Abstract

The emerging Web service technology has enabled the development of Internet-based applications that integrate distributed and heterogeneous systems and processes which are owned by different organizations. However, while Web services are rapidly becoming a fundamental paradigm for the development of complex Web applications, several security issues still need to be addressed. Among the various open issues concerning security, an important issue is represented by the development of suitable access control models, able to restrict access to Web services to authorized users. In this paper we present an innovative access control model for Web services. The model is characterized by a number of key features, including identity attributes and service negotiation capabilities. We also discuss an architecture implementing the model and we propose the use of a certificate scheme able to support the exchange and verification of subject attributes.

Original languageEnglish (US)
Title of host publicationProceedings - 2004 IEEE International Conference on Services Computing, SCC 2004
EditorsL.J. Zhang, M. Li, A.P. Sheth, K.G. Jeffery
Pages33-40
Number of pages8
DOIs
StatePublished - Oct 11 2004
EventProceedings - 2004 IEEE International Conference on Services Computing, SCC 2004 - Shanghai, China
Duration: Sep 15 2004Sep 18 2004

Publication series

NameProceedings - 2004 IEEE International Conference on Services Computing, SCC 2004

Other

OtherProceedings - 2004 IEEE International Conference on Services Computing, SCC 2004
CountryChina
CityShanghai
Period9/15/049/18/04

Fingerprint

Access control
Web services
Internet

All Science Journal Classification (ASJC) codes

  • Engineering(all)

Cite this

Bertino, E., Squicciarini, A., & Mevi, D. (2004). A fine-grained access control model for Web services. In L. J. Zhang, M. Li, A. P. Sheth, & K. G. Jeffery (Eds.), Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004 (pp. 33-40). (Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004). https://doi.org/10.1109/RIDE.2004.1281700
Bertino, E. ; Squicciarini, Anna ; Mevi, D. / A fine-grained access control model for Web services. Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004. editor / L.J. Zhang ; M. Li ; A.P. Sheth ; K.G. Jeffery. 2004. pp. 33-40 (Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004).
@inproceedings{ea5f3b6068ec45c482043258bcfc2252,
title = "A fine-grained access control model for Web services",
abstract = "The emerging Web service technology has enabled the development of Internet-based applications that integrate distributed and heterogeneous systems and processes which are owned by different organizations. However, while Web services are rapidly becoming a fundamental paradigm for the development of complex Web applications, several security issues still need to be addressed. Among the various open issues concerning security, an important issue is represented by the development of suitable access control models, able to restrict access to Web services to authorized users. In this paper we present an innovative access control model for Web services. The model is characterized by a number of key features, including identity attributes and service negotiation capabilities. We also discuss an architecture implementing the model and we propose the use of a certificate scheme able to support the exchange and verification of subject attributes.",
author = "E. Bertino and Anna Squicciarini and D. Mevi",
year = "2004",
month = "10",
day = "11",
doi = "10.1109/RIDE.2004.1281700",
language = "English (US)",
isbn = "0769522254",
series = "Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004",
pages = "33--40",
editor = "L.J. Zhang and M. Li and A.P. Sheth and K.G. Jeffery",
booktitle = "Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004",

}

Bertino, E, Squicciarini, A & Mevi, D 2004, A fine-grained access control model for Web services. in LJ Zhang, M Li, AP Sheth & KG Jeffery (eds), Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004. Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004, pp. 33-40, Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004, Shanghai, China, 9/15/04. https://doi.org/10.1109/RIDE.2004.1281700

A fine-grained access control model for Web services. / Bertino, E.; Squicciarini, Anna; Mevi, D.

Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004. ed. / L.J. Zhang; M. Li; A.P. Sheth; K.G. Jeffery. 2004. p. 33-40 (Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - A fine-grained access control model for Web services

AU - Bertino, E.

AU - Squicciarini, Anna

AU - Mevi, D.

PY - 2004/10/11

Y1 - 2004/10/11

N2 - The emerging Web service technology has enabled the development of Internet-based applications that integrate distributed and heterogeneous systems and processes which are owned by different organizations. However, while Web services are rapidly becoming a fundamental paradigm for the development of complex Web applications, several security issues still need to be addressed. Among the various open issues concerning security, an important issue is represented by the development of suitable access control models, able to restrict access to Web services to authorized users. In this paper we present an innovative access control model for Web services. The model is characterized by a number of key features, including identity attributes and service negotiation capabilities. We also discuss an architecture implementing the model and we propose the use of a certificate scheme able to support the exchange and verification of subject attributes.

AB - The emerging Web service technology has enabled the development of Internet-based applications that integrate distributed and heterogeneous systems and processes which are owned by different organizations. However, while Web services are rapidly becoming a fundamental paradigm for the development of complex Web applications, several security issues still need to be addressed. Among the various open issues concerning security, an important issue is represented by the development of suitable access control models, able to restrict access to Web services to authorized users. In this paper we present an innovative access control model for Web services. The model is characterized by a number of key features, including identity attributes and service negotiation capabilities. We also discuss an architecture implementing the model and we propose the use of a certificate scheme able to support the exchange and verification of subject attributes.

UR - http://www.scopus.com/inward/record.url?scp=4644227527&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=4644227527&partnerID=8YFLogxK

U2 - 10.1109/RIDE.2004.1281700

DO - 10.1109/RIDE.2004.1281700

M3 - Conference contribution

AN - SCOPUS:4644227527

SN - 0769522254

SN - 9780769522258

T3 - Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004

SP - 33

EP - 40

BT - Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004

A2 - Zhang, L.J.

A2 - Li, M.

A2 - Sheth, A.P.

A2 - Jeffery, K.G.

ER -

Bertino E, Squicciarini A, Mevi D. A fine-grained access control model for Web services. In Zhang LJ, Li M, Sheth AP, Jeffery KG, editors, Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004. 2004. p. 33-40. (Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004). https://doi.org/10.1109/RIDE.2004.1281700