Title :
Access Control Model for Web Services with Attribute Disclosure Restriction
Author :
Mewar, Vipin Singh ; Aich, Subhendu ; Sural, Shamik
Author_Institution :
Sch. of Inf. Technol., Indian Inst. of Technol., Kharagpur
Abstract :
Web service is a programmable interface accessible through a network. In this paper we focus on the scenario in which different organizations use Web services to collaborate, share knowledge, integrate services and for providing value added services to customers. As a test case, we consider health care application in which different hospitals can give various types of services to other hospitals. We find attribute based access control (ABAC) model to be quite suitable for access control in Web services. However, there is a need to enforce user´s security policy to decide only which attributes should be disclosed so that users can reveal their attributes to service providers according to their need. We extend the ABAC model with user attribute disclosure restriction and propose a framework for defining and applying security policies
Keywords :
Web services; authorisation; data privacy; health care; hospitals; medical information systems; Web services; attribute based access control; attribute disclosure restriction; authorization; data privacy; health care application; hospitals; information security; knowledge sharing; programmable interface; service integration; user security policy; value added services; Access control; Authorization; Hospitals; Information security; Markup languages; Simple object access protocol; Standards development; Standards organizations; Web and internet services; Web services;
Conference_Titel :
Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on
Conference_Location :
Vienna
Print_ISBN :
0-7695-2775-2
DOI :
10.1109/ARES.2007.31