Interoperable Access Control for Geo Web Services in Disaster Management

Due to the ever increasing number of web services available through the Internet, the privacy as a fundamental human right is endangered. Informed consent and collection of information are two important aspects while interacting on the Internet through web services. The ease of data access and the ready availability of it through Internet, made it easier for interested parties to intrude into the individual's privacy in unprecedented ways. The regulatory and technical solutions adopted to curb this have achieved only a limited success. The main culprits in this regard are the incompatibilities in the regulatory measures and standards. This research work focuses on privacy preserving access control for sharing sensitive information in the arena of web services, provides some recent outlooks towards the critical need of privacy aware access control technologies and a comprehensive review of the existing work in this arena. Besides, a novel framework for privacy aware access to web services is also provided.

Download Full-text

A Literature Review on Trust Management in Web Services Access Control

International Journal on Web Service Computing ◽

10.5121/ijwsc.2013.4301 ◽

2013 ◽

Vol 4 (3) ◽

pp. 1-19 ◽

Cited By ~ 2

Author(s):

Joseph Manoj R ◽

Chandrasekar A

Keyword(s):

Literature Review ◽

Web Services ◽

Access Control ◽

Trust Management

Download Full-text

Access Control and Information Flow Control for Web Services Security

International Journal of Information Technology and Web Engineering ◽

10.4018/ijitwe.2016010103 ◽

2016 ◽

Vol 11 (1) ◽

pp. 44-76 ◽

Cited By ~ 2

Author(s):

Saadia Kedjar ◽

Abdelkamel Tari ◽

Peter Bertok

Keyword(s):

Web Services ◽

Access Control ◽

Flow Control ◽

Information Flow ◽

Information Flow Control ◽

User Access ◽

Web Services Security ◽

Information Confidentiality ◽

Security Standards

With the advancement of web services technology, security has become an increasingly important issue. Various security standards have been developed to secure web services at the transport and message level, but application level has received less attention. The security solutions at the application level focus on access control which cannot alone ensure the confidentiality and integrity of information. The solution proposed in this paper consists on a hybrid model that combines access control (AC) and information flow control (IFC). The AC mechanism uses the concept of roles and attributes to control user access to web services' methods. The IFC mechanism uses labels to control how the roles access to the system's objects and verify the information flows between them to ensure the information confidentiality and integrity. This manuscript describes the model, gives the demonstration of the IFC model safety, presents the modeling and implementation of the model and a case study.

Download Full-text

Using SAML and XACML for Web Service Security&Privacy

Securing Web Services ◽

10.4018/978-1-59904-639-6.ch008 ◽

2008 ◽

pp. 182-205 ◽

Cited By ~ 7

Author(s):

Tuncay Namli ◽

Asuman Dogac

Keyword(s):

Web Services ◽

Access Control ◽

Web Service ◽

User Authentication ◽

Security And Privacy ◽

Web Service Security ◽

Technology Changes ◽

Attribute Information ◽

Healthcare Monitoring ◽

Service Standards

Web service technology changes the way of conducting business by opening their services to the whole business world over the networks. This property of Web services makes the security and privacy issues more important since the access to the services becomes easier. Many Web service standards are emerging to make Web services secure and privacy protected. This chapter discusses two of them; SAML (OASIS, 2005) and XACML (OASIS, 2005). SAML is an XML-based framework for communicating user authentication, entitlement, and attribute information. In other words, SAML handles the user authentication and also carries attribute information for authorization (access control). XACML is the complementary standard of OASIS to make the access control decisions. This work is realized within the scope of the IST 027074 SAPHIRE Project which is an intelligent healthcare monitoring and decision support system.

Download Full-text

Authorization Service for Web Services and its Application in a Health Care Domain

Information Security and Ethics ◽

10.4018/978-1-59904-937-3.ch191 ◽

2008 ◽

pp. 2865-2891

Author(s):

Sarath Indrakanti ◽

Vijay Varadharajan ◽

Michael Hitchens

Keyword(s):

Health Care ◽

Web Services ◽

Access Control ◽

Health Care System ◽

Design Issues ◽

Policy Language ◽

Control Language ◽

Authorization Model ◽

Authorization Policy ◽

Authorization Policies

In this paper, we discuss the design issues for an authorization framework for Web Services. In particular, we describe the features required for an authorization policy language for Web Services. We briefly introduce the authorization service provided by Microsoft .NET MyServices and describe our extended authorization model that proposes extensions to the .NET MyServices authorization service to support a range of authorization policies required in commercial systems. We discuss the application of the extended authorization model to a health care system built using Web Services. We use the XML Access Control Language (XACL) in our implementation to demonstrate our extended authorization model. This also enables us to evaluate the range of authorization policies that XACL supports.

Download Full-text