Research Article

Study of Access Control Issue in Web Services

by Abolfazl Esfandi, Mehdi Sabbari
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 49 - Number 1
Year of Publication: 2012
DOI: 10.5120/7589-7647

Abolfazl Esfandi, Mehdi Sabbari. Study of Access Control Issue in Web Services. International Journal of Computer Applications. 49, 1 (July 2012), 11-16. DOI=10.5120/7589-7647

@article{ 10.5120/7589-7647,
author = { Abolfazl Esfandi and Mehdi Sabbari },
title = { Study of Access Control Issue in Web Services },
journal = { International Journal of Computer Applications },
issue_date = { July 2012 },
volume = { 49 },
number = { 1 },
month = { July },
year = { 2012 },
issn = { 0975-8887 },
pages = { 11-16 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume49/number1/7589-7647/ },
doi = { 10.5120/7589-7647 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
Abstract

Security is an important issue that must be well defined in a Service Oriented Architecture (SOA) environment so that it can be applied when implementing web services. In this article, we focus on one important aspect of SOA security: access control. The article explains the security requirements that must be followed and proposes a conceptual model of the requirements in this field based on those needs. Each requirement, together with the available techniques and standards for it, is then discussed separately. Since different models such as IBAC, RBAC, ABAC and RAdAC have been presented so far, these existing models are explained. Finally, the structure of the ABAC model, which is more compatible with SOA, is compared with that of the RBAC model, which is the most widely used today.

Index Terms

Computer Science
Information Sciences

Keywords

Service Oriented Architecture, Web Services, Access Control, Security Requirements, RBAC, ABAC