Web Services and Business Processes for Web Services are the new paradigms for the lightweight integration of business from different enterprises. Whereas the security and access control policies for basic web services and distributed systems are well studied and almost standardized, there is not yet a comprehensive proposal for an access control architecture for business processes. The major difference is that business processes describe complex services that cross organizational boundaries and are provided by entities that see each other as just partners and nothing else. This calls for a number of differences with traditional aspects of access control architectures, such as:
- credential vs classical user-based access control,
- interactive and partner-based vs one-server-gathers-all requests of credentials from clients,
- controlled disclosure of information vs all-or-nothing access control decisions,
- abducing missing credentials for fulfilling requests vs deducing entailment of valid requests from credentials in formal models,
- "source-code" authorization processes vs data describing policies for communicating policies or for orchestrating the work of authorization servers.

Looking at the access control field, we find good approximations of most components but not their synthesis into one access control architecture for business processes for web services.

An Access Control System for Business Processes for Web Services / Koshutanski, Hristo; Massacci, Fabio. - ELETTRONICO. - (2002), pp. 1-12.

An Access Control System for Business Processes for Web Services

Koshutanski, Hristo; Massacci, Fabio
2002-01-01

2002
Trento, Italy
Università degli Studi di Trento. DEPARTMENT OF INFORMATION AND COMMUNICATION TECHNOLOGY
Files in this item:
102.pdf (open access)
Type: Publisher's layout
License: All rights reserved
Size: 584.7 kB
Format: Adobe PDF


Use this identifier to cite or link to this document: https://hdl.handle.net/11572/358735