Web services access control architecture incorporating trust

Show simple item record

dc.contributor.author Coetzee, Marijke
dc.contributor.author Eloff, Jan H.P.
dc.date.accessioned 2008-06-05T10:36:49Z
dc.date.available 2008-06-05T10:36:49Z
dc.date.issued 2007
dc.description.abstract PURPOSE – This paper seeks to investigate how the concept of a trust level is used in the access control policy of a web services provider in conjunction with the attributes of users. DESIGN/METHODOLOGY/APPROACH – A literature review is presented to provide background to the progressive role that trust plays in access control architectures. The web services access control architecture is defined. FINDINGS – The architecture of an access control service of a web service provider consists of three components, namely an authorisation interface, an authorisation manager, and a trust manager. Access control and trust policies are selectively published according to the trust levels of web services requestors. A prototype highlights the incorporation of a trust level in the access control policy as a viable solution to the problem of web services access control, where decisions of an autonomous nature need to be made, based on information and evidence. RESEARCH LIMITATIONS/IMPLICATIONS – The WSACT architecture addresses the selective publication of policies. The implementation of sophisticated policy-processing points at each web service endpoint, to automatically negotiate about policies, is an important element needed to complement the architecture. PRACTICAL IMPLICATIONS – The WSACT access control architecture illustrates how access control decisions can be made autonomously by including a trust level of web services requestors in an access control policy. ORIGINALITY/VALUE – The WSACT architecture incorporates the trust levels of web services requestors and the attributes of users into one model. This allows web services providers to grant advanced access to the users of trusted web services requestors, in contrast with the limited access that is given to users who make requests through web services requestors with whom a minimal level of trust has been established. en
dc.description.sponsorship Department of Labour, South Africa en
dc.format.extent 173235 bytes
dc.format.mimetype application/pdf
dc.identifier.citation Coetzee, M & Eloff, JHP 2007, 'Web services access control architecture incorporating trust', Internet Research, vol. 17, no. 3, 2007, pp. 291-305. [www.emeraldinsight.com/] en
dc.identifier.issn 1066-2243
dc.identifier.other 10.1108/10662240710758939
dc.identifier.uri http://hdl.handle.net/2263/5814
dc.language.iso en en
dc.publisher Emerald en
dc.rights Emerald en
dc.subject Worldwide web en
dc.subject Trust en
dc.subject Managers en
dc.subject.lcsh Computer networks -- Access control
dc.subject.lcsh Internet service providers -- Access control
dc.subject.lcsh Computer security
dc.title Web services access control architecture incorporating trust en
dc.type Postprint Article en


Files in this item

This item appears in the following Collection(s)

Show simple item record