Sciweavers

XMLSEC
2003
ACM

An access control framework for business processes for web services

13 years 9 months ago
An access control framework for business processes for web services
Business Processes for Web Services are the new paradigm for the lightweight integration of business from different enterprises. Whereas the security and access control policies for basic web services and distributed systems are well studied and almost standardized, there is not yet a comprehensive proposal for an access control architecture for business processes. The major issue is that a business process describe complex services that cross organizational boundaries and are provided by entities that see each other as just partners and nothing else. This calls for a number of differences with traditional aspects of access control architectures such as • credential vs classical user-based access control, • interactive and partner-based vs one-server-gathers-all requests of credentials from clients, • controlled disclosure of information vs all-or-nothing access control decisions, • abducing missing credentials for fulfilling requests vs deducing entailment of valid request...
Hristo Koshutanski, Fabio Massacci
Added 05 Jul 2010
Updated 05 Jul 2010
Type Conference
Year 2003
Where XMLSEC
Authors Hristo Koshutanski, Fabio Massacci
Comments (0)