{"title":"支持授权和创建权限的web服务访问控制模型","authors":"Mitsuhiro Mabuchi, Yasushi Shinjo, Akira Sato, Kazuhiko Kato","doi":"10.1109/ICN.2008.72","DOIUrl":null,"url":null,"abstract":"We present a new access control model for XML Web-Services that provides users with two kinds of authorities: the authority to delegate their authorities to other users and the authority to create new authorities based on their own authorities. We developed this model by introducing capability- based access control to Web services. A capability consists of an object identifier and the list of permitted operations for that object. We map an authority of a Web-Services object to a capability of the object and express the capability as a description in Web Services Description Language (WSDL). Delegation of an authority corresponds to distribution of a capability, which is done by passing a WSDL description. Creation of a new authority corresponds to generating a restricted capability based on an original capability, which is done by stacking an object on an original object. Stacking objects also makes it possible to add new functions to existing Web-Services objects without modifying the existing objects. We demonstrate the effectiveness of the proposed model using a schedule management application, which enables a project leader to delegate his or her tasks to subordinates by comparing it with Google Calendar. We also show that the execution times of stackable objects are acceptable by comparing them with typical Internet delay.","PeriodicalId":250085,"journal":{"name":"Seventh International Conference on Networking (icn 2008)","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-04-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":"{\"title\":\"An Access Control Model for Web-Services That Supports Delegation and Creation of Authority\",\"authors\":\"Mitsuhiro Mabuchi, Yasushi Shinjo, Akira Sato, Kazuhiko Kato\",\"doi\":\"10.1109/ICN.2008.72\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We present a new access control model for XML Web-Services that provides users with two kinds of authorities: the authority to delegate their authorities to other users and the authority to create new authorities based on their own authorities. We developed this model by introducing capability- based access control to Web services. A capability consists of an object identifier and the list of permitted operations for that object. We map an authority of a Web-Services object to a capability of the object and express the capability as a description in Web Services Description Language (WSDL). Delegation of an authority corresponds to distribution of a capability, which is done by passing a WSDL description. Creation of a new authority corresponds to generating a restricted capability based on an original capability, which is done by stacking an object on an original object. Stacking objects also makes it possible to add new functions to existing Web-Services objects without modifying the existing objects. We demonstrate the effectiveness of the proposed model using a schedule management application, which enables a project leader to delegate his or her tasks to subordinates by comparing it with Google Calendar. We also show that the execution times of stackable objects are acceptable by comparing them with typical Internet delay.\",\"PeriodicalId\":250085,\"journal\":{\"name\":\"Seventh International Conference on Networking (icn 2008)\",\"volume\":\"7 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-04-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"10\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Seventh International Conference on Networking (icn 2008)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICN.2008.72\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Seventh International Conference on Networking (icn 2008)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICN.2008.72","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
An Access Control Model for Web-Services That Supports Delegation and Creation of Authority
We present a new access control model for XML Web-Services that provides users with two kinds of authorities: the authority to delegate their authorities to other users and the authority to create new authorities based on their own authorities. We developed this model by introducing capability- based access control to Web services. A capability consists of an object identifier and the list of permitted operations for that object. We map an authority of a Web-Services object to a capability of the object and express the capability as a description in Web Services Description Language (WSDL). Delegation of an authority corresponds to distribution of a capability, which is done by passing a WSDL description. Creation of a new authority corresponds to generating a restricted capability based on an original capability, which is done by stacking an object on an original object. Stacking objects also makes it possible to add new functions to existing Web-Services objects without modifying the existing objects. We demonstrate the effectiveness of the proposed model using a schedule management application, which enables a project leader to delegate his or her tasks to subordinates by comparing it with Google Calendar. We also show that the execution times of stackable objects are acceptable by comparing them with typical Internet delay.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
