  • DocumentCode
    1959276
  • Title
    Solving the Transitive Access Problem for the Services Oriented Architecture
  • Author
    Karp, Alan H. ; Li, Jun
  • Author_Institution
    Hewlett-Packard Labs., Palo Alto, CA, USA
  • fYear
    2010
  • fDate
    15-18 Feb. 2010
  • Firstpage
    46
  • Lastpage
    53
  • Abstract
    A key goal of the Services Oriented Architecture is the composition of independently written and managed services. However, managing access to these services has proven to be a problem. A particularly difficult case involves a service that invokes another service to satisfy an initial request. In a number of cases, implementations are able to achieve either the desired functionality or the required security, but not both at the same time. We say that this service composition suffers from the transitive access problem. We show that the problem arises from a poor choice of access control mechanism, one that uses subject authentication to make access decisions, and that the problem does not occur if we use delegatable authorizations.
  • Keywords
    Web services; authorisation; Web services; access control mechanism; desired functionality; managing access; security requirement; service composition; services oriented architecture; subject authentication; transitive access problem; Access control; Authentication; Authorization; Mars; Milling machines; Security; Service oriented architecture; Simple object access protocol; Weather forecasting; Web services; ABAC; PBAC; RBAC; SOA; ZBAC; access control; web services;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Availability, Reliability, and Security, 2010. ARES '10 International Conference on
  • Conference_Location
    Krakow
  • Print_ISBN
    978-1-4244-5879-0
  • Type
    conf
  • DOI
    10.1109/ARES.2010.34
  • Filename
    5438113