{"title":"Enhancing Security Modeling for Web Services Using Delegation and Pass-On","authors":"Wei She, I. Yen, B. Thuraisingham","doi":"10.4018/jwsr.2010010101","DOIUrl":null,"url":null,"abstract":"In recent years, the issues in web service security have been widely investigated and various security standards have been proposed. But most of these studies and standards focus on the access control policies for individual web services and do not consider the access issues in composed services. Consider a simple service chain where service s1 accesses s2, and s2, in turn, accesses service s3. The information returned from s3 to s2 may be used to compute some results that are further returned to s1. The current web service security framework does not provide any mechanisms to control such an information flow, and hence, sensitive information may be leaked to s1 without the consensus of s3. In this paper, we propose an enhanced security model to facilitate the control of information flow through service chains. It extends the basic security models by introducing the concepts of delegation and pass-on. Based on these concepts, new certificates, certificate chain, delegation and pass-on policies, and how they are used to control the information flow are discussed.","PeriodicalId":275591,"journal":{"name":"2008 IEEE International Conference on Web Services","volume":"52 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-09-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"40","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 IEEE International Conference on Web Services","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/jwsr.2010010101","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 40
Abstract
In recent years, the issues in web service security have been widely investigated and various security standards have been proposed. But most of these studies and standards focus on the access control policies for individual web services and do not consider the access issues in composed services. Consider a simple service chain where service s1 accesses s2, and s2, in turn, accesses service s3. The information returned from s3 to s2 may be used to compute some results that are further returned to s1. The current web service security framework does not provide any mechanisms to control such an information flow, and hence, sensitive information may be leaked to s1 without the consensus of s3. In this paper, we propose an enhanced security model to facilitate the control of information flow through service chains. It extends the basic security models by introducing the concepts of delegation and pass-on. Based on these concepts, new certificates, certificate chain, delegation and pass-on policies, and how they are used to control the information flow are discussed.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
