Scheduled System Maintenance:
On Wednesday, July 29th, IEEE Xplore will undergo scheduled maintenance from 7:00-9:00 AM ET (11:00-13:00 UTC). During this time there may be intermittent impact on performance. We apologize for any inconvenience.
By Topic

A Service-oriented Approach to Security - Concepts and Issues

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Bertino, E. ; Purdue Univ., West Lafayette, IN ; Martino, L.D.

Various mechanisms for authentication and access control have been developed over time. Operating systems and DBMS implement such mechanisms and support quite rich access control models. A major limitation, however, of such mechanisms is that they are not extensible; thus whenever an application domain requires more sophisticated access controls or authentication, the applications must include logics for such controls. Such an approach leads to increased costs in application development and maintenance. For these reasons, models and mechanisms apt to separate those functions have emerged, also fostered by XML and Web services. At the same time, the need to drive the behaviour of security through clearly stated and machine-processable policies has fostered the development of various policy models and policy management mechanisms. A policy-based approach enhances flexibility, and reduces the application development costs. Changes to the access control or authentication requirements simply entail modifying the policies, without requiring changes to the applications. It is thus clear that an important approach to the problem of security is represented by the development of policy-based security services providing all functions for security management relevant to applications. Such an approach is particularly promising for applications organized according to the service oriented (SOA) paradigm. In this paper we discuss basic concepts of such an approach to security and we present a reference architectural framework. We discuss three relevant classes of security services, namely digital identity management services, authentication services, access control services, and outline research directions for each such class

Published in:

Autonomous Decentralized Systems, 2007. ISADS '07. Eighth International Symposium on

Date of Conference:

21-23 March 2007