Abstract
Security issues are one of the major deterrents to Web Services adoption in mission-critical applications and to the realization of the dynamic e-Business vision of Service Oriented Computing. Role Based Access Control (RBAC) is a common approach to authorization because it greatly simplifies complex authorization procedures in enterprise information systems. However, most RBAC implementations rely on the manual setup of pre-defined user-ID and password combinations to identify a particular user, which makes it very hard to conduct dynamic e-Business, as the service requestor and service provider must have prior knowledge of each other before the transaction. This paper proposes a new Web Services security architecture which unifies the authorization and authentication processes by extending current digital certificate technologies. It enables secure Web Service authorization decisions between parties even if they were previously unknown to each other, and it also enhances the trustworthiness of service discovery.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Steele, R., Tao, W. (2005). An Architecture for Unifying Web Services Authentication and Authorization. In: Benatallah, B., Casati, F., Traverso, P. (eds) Service-Oriented Computing - ICSOC 2005. ICSOC 2005. Lecture Notes in Computer Science, vol 3826. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11596141_53
DOI: https://doi.org/10.1007/11596141_53
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30817-1
Online ISBN: 978-3-540-32294-8
eBook Packages: Computer Science, Computer Science (R0)