getCITED   
  Home     Search     Add Content     Reports     Help  
Edit Publication | Edit Contributors | Delete Publication | Edit References | Edit Citations
Add to Bookstack | Show Bookstack | Change Bookstack

Web Services Security Architectures Composition and Contract Design using RBAC
Post a Comment
CONTRIBUTORS:
  Author D.Shravani
  Author Dr.P.Suresh Varma
  Author Dr.B.Padmaja Rani
  Author Dr.D.Sravan Kumar
  Author M.Upendra Kumar
JOURNAL:
  International Journal on Computer Science and Engineering (IJCSE), 2(8), 2609 - 2615.
YEAR: 2010
PUB TYPE: Journal Article
SUBJECT(S): Web Services, Security Architectures, Role- Based Access Control
DISCIPLINE: Computer Science
HTTP: http://www.enggjournals.com/ijcse/doc/IJCSE10-02-08-115.pdf
LANGUAGE: English
PUB ID: 103-488-809 (Last edited on 2011/06/13 22:29:22 GMT-6)
SPONSOR(S):
 
ABSTRACT:
Service Oriented Architecture�s Web Services authorization traditionally is done using common access control models like Role-Based Access Control. In thinking of a composite application that stitches together the capabilities of multiple services, any action in the composite app should ideally check the access control rules of all constituent services before initiating an action. The Web Services Access controls are categorized according to access control granularity and have two approaches: The first approach supports a negotiation-based attribute-based access control to Web Services with fine access granularity. The second approach is tailored to access control for conversation-based Web services and composite services; where in a Web Service is not considered as a set of independent operations and therefore access control must take such dependencies into account. During a Web Services invocation, a client interacts with the service, performing a sequence of operations in a particular order called conversation. In this paper, we want to propose strategies for analyzing and managing Role Based Access Control policies for designing Security Architectures for web services. We validate role-based access control with a case study, where in access decisions are based on the roles that individual users have as part of an organization. Users take on assigned roles. The process of defining roles should be based on a thorough analysis of how an organization operates and should include input from a wide spectrum of users in an organization. Access rights are grouped by role name, and the use of resources is restricted to individuals authorized to assume the associated role. For example, within a hospital system the role of doctor can include operations to perform diagnosis, prescribe medication, and order laboratory tests; and the role of researcher can be limited to gathering anonymous clinical information for studies. The use of roles to control access can be an effective means for developing and enforcing enterprise-specific security policies, and for streamlining the security management process. Under the RBAC framework, users are granted membership into roles based on their competencies and responsibilities in the organization. The operations that a user is permitted to perform are based on the user's role.
STATISTICS
Click on # to view
 Citations  
 References  
 Comments  
 Quality      0/0.00 
 Interest      0/0.00 
 View(er)s   1/89 
Quality
  N/A
High
  7
  6
  5
  4
  3
  2
  1
Low
Interest
  N/A
High
  7
  6
  5
  4
  3
  2
  1
Low
Prev | Next
    ABOUT getCITED   |    CONTACT US   |    USER INFO   |    PREFERENCES   |    PRIVACY   |    LOG IN   
Comments? Suggestions? Send them to feedback@getCITED.org.

Copyright © 2000-2013 getCITED Inc. All Rights Reserved.