Skip to Main Content
In this paper, we introduce the authorization issues for Web Services. We introduce the authorization service provided by Microsoft® .NET MyServices and then briefly describe our proposed modifications and extensions to the authorization service. We discuss the application of the extended authorization model to a healthcare system built using Web Services. We used the XML access control language (XACL) to specify policies in XML and control access to the patient records stored in XML format. We then evaluated the suitability of XACL as an authorization policy language for Web Services.