Web services are independently written and managed, each with its own access control policy, thus it is challenging to control the access to the information they own. A particularly difficult case occurs when a service invokes another service to satisfy an initial request. We call this "Transitive access problem". To tackle this issue, we propose to use XACML for defining Attribute based Access Control (ABAC) policies for web services. We focus on the authorisation issue of access control and solve the transitive access problem by integrating in the XACML architecture a module for supporting multiple attribute domains.

Towards a reference architecture for access control in distributed web applications / Uttha, W.; Bertolissi, C.; Ranise, S.. - 1298:(2014). (Paper presented at the 2014 ESSoS Doctoral Symposium, ESSoS-DS 2014, Co-located with the International Symposium on Engineering Secure Software and Systems, ESSoS 2014, held in deu in 2014).

Towards a reference architecture for access control in distributed web applications

Ranise S.
2014-01-01

2014
CEUR Workshop Proceedings
Germany
CEUR-WS
Uttha, W.; Bertolissi, C.; Ranise, S.

Use this identifier to cite or link to this document: https://hdl.handle.net/11572/333042