By Topic

Achieving Data Privacy and Security Using Web Services

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
Weaver, A.C. ; University of Virginia, e-mail: acw@cs.virginia.edu

The Internet has proven to be a powerful enabler for anywhere/anytime access to data and software located through the world. The downside of this capability is that it exposes these resources to information leakage, malicious invasion by hackers, and damage due to software viruses. This risk can be mitigated by the intelligent use of a web services architecture than can enforce both data privacy and security. In this talk I will propose a security architecture that enforces information security by addressing the key issues of authentication, authorization, and federation. Authentication results in a security token that conveys both the identity of the requestor and the trust level of the identification technology. Authorization determines what objects are accessible by a user given his identity token, request, role, context, and privileges. Federation, using both direct and indirect trust, addresses the problem of how identity, once legitimately established in one trust domain, can be reliably exported to another cooperating trust domain. I will discuss our implementation of these ideas in an on-going research project to protect medical data, and will illustrate how the concepts generalize to protect arbitrary data resources.

Published in:

Industrial Technology, 2005. ICIT 2005. IEEE International Conference on

Date of Conference:

14-17 Dec. 2005