By Topic

An Attribute-Based Access Control Model for Web Services

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Hai-bo Shen ; Sch. of Comput., Huazhong Univ. of Sci. & Technol., Wuhan ; Fan Hong

Web service is a new service-oriented computing paradigm which poses the unique security challenges due to its inherent heterogeneity, multi-domain characteristic and highly dynamic nature. A key challenge in Web services security is the design of effective access control schemes. However, most current access control systems base authorization decisions on subject's identity. Administrative scalability and control granularity are serious problems in those systems, and they are not fit for Web services environment. So an attribute-based access control model (WS-ABAC) is presented to address these issues in this paper. WS-ABAC grants access to services based on attributes of the related entities, and uses automated trust negotiation mechanism to address the disclosure issue of the sensitive attributes. It can provide administratively scalable alternative to identity-based authorization methods and provide fine-grained access control for Web services. Moreover, it also can protect user's privacy

Published in:

Parallel and Distributed Computing, Applications and Technologies, 2006. PDCAT '06. Seventh International Conference on

Date of Conference:

Dec. 2006