An access control framework for web services

Show simple item record

dc.contributor.author Coetzee, Marijke
dc.contributor.author Eloff, Jan H.P.
dc.date.accessioned 2007-03-13T15:24:44Z
dc.date.available 2007-03-13T15:24:44Z
dc.date.issued 2005
dc.description.abstract Purpose – To define a framework for access control for virtual applications, enabled through web services technologies. The framework supports the loosely coupled manner in which web services are shared between partners. Design/methodology/approach – A background discussion on relevant literature, with an example is used to illustrate the problem that exists. To enable access control composition, an extension is proposed to authorisation specification language, together with publication of access control requirements of a web service provider. Findings – The framework shows that loosely coupled access control can be made possible by making use of the standard manner in which messages are communicated in XML, and by composing assertions with the access control policy of the provider in a consistent manner. Access to web service methods is only granted if permission can be derived for it, where the derivation step forms a formal proof. Research limitations/implications – A basic framework has been defined. An architecture to support it must be defined. Only a very basic level of access control composition has been illustrated. Practical implications – The publication of access control requirements in standards such as WS-Policy can be considered. Originality/value – This paper offers a practical approach to address access control for web services. en
dc.description.department Computer Science
dc.description.sponsorship The financial assistance of the Department of Labour (DoL) towards this research is hereby acknowledged. en
dc.format.extent 261719 bytes
dc.format.mimetype application/pdf
dc.identifier.citation Coetzee, M & Eloff, JHP 2005, ‘An access control framework for web services’, Information Management & Computer Security, vol. 13, no. 1, pp. 29-38. [http://www.emeraldinsight.com/info/journals/imcs/imcs.jsp] en
dc.identifier.issn 0968-5227
dc.identifier.uri http://hdl.handle.net/2263/1880
dc.language.iso en en
dc.publisher Emerald en
dc.rights Emerald en
dc.subject Worldwide web en
dc.subject Programming languages en
dc.subject Trust en
dc.title An access control framework for web services en
dc.type Postprint Article en


Files in this item

This item appears in the following Collection(s)

Show simple item record