By Topic

An Access Control Model for Web-Services That Supports Delegation and Creation of Authority

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Mitsuhiro Mabuchi ; Dept. of Comput. Sci., Univ. of Tsukuba, Tsukuba ; Yasushi Shinjo ; Akira Sato ; Kazuhiko Kato

We present a new access control model for XML Web-Services that provides users with two kinds of authorities: the authority to delegate their authorities to other users and the authority to create new authorities based on their own authorities. We developed this model by introducing capability- based access control to Web services. A capability consists of an object identifier and the list of permitted operations for that object. We map an authority of a Web-Services object to a capability of the object and express the capability as a description in Web Services Description Language (WSDL). Delegation of an authority corresponds to distribution of a capability, which is done by passing a WSDL description. Creation of a new authority corresponds to generating a restricted capability based on an original capability, which is done by stacking an object on an original object. Stacking objects also makes it possible to add new functions to existing Web-Services objects without modifying the existing objects. We demonstrate the effectiveness of the proposed model using a schedule management application, which enables a project leader to delegate his or her tasks to subordinates by comparing it with Google Calendar. We also show that the execution times of stackable objects are acceptable by comparing them with typical Internet delay.

Published in:

Networking, 2008. ICN 2008. Seventh International Conference on

Date of Conference:

13-18 April 2008