Trust but verify: authorization for web services

14 years 27 days ago
Through web service technology, distributed applications can be built in a flexible manner, bringing tremendous power to applications on the web. However, this flexibility poses significant challenges to security. In particular, an end user (be it human or machine) may access a web service directly, or through a number of intermediaries, while these intermediaries may be formed on the fly for a particular task. Traditional access control for distributed systems is not flexible and efficient enough in such an environment. Indeed, it may be impossible for a web service to anticipate all possible access patterns, hence to define an appropriate access control list beforehand. Novel solutions are needed. This paper introduces a trust-but-verify framework for web services authorization, and provides an implementation example. In the trust-but-verify framework, each web service maintains authorization policies. In addition, there is a global set of trust transformation rules, each of which has an ...
Christian Skalka, Xiaoyang Sean Wang
Added 30 Jun 2010
Updated 30 Jun 2010
Type Conference
Year 2004
Where SWS
Authors Christian Skalka, Xiaoyang Sean Wang