Access Control Model for Web Services with Attribute Disclosure Restriction

Author

Mewar, Vipin Singh ; Aich, Subhendu ; Sural, Shamik

Author_Institution

Sch. of Inf. Technol., Indian Inst. of Technol., Kharagpur

fYear

2007

fDate

10-13 April 2007

Firstpage

524

Lastpage

531

Abstract

Web service is a programmable interface accessible through a network. In this paper we focus on the scenario in which different organizations use Web services to collaborate, share knowledge, integrate services and for providing value added services to customers. As a test case, we consider health care application in which different hospitals can give various types of services to other hospitals. We find attribute based access control (ABAC) model to be quite suitable for access control in Web services. However, there is a need to enforce user´s security policy to decide only which attributes should be disclosed so that users can reveal their attributes to service providers according to their need. We extend the ABAC model with user attribute disclosure restriction and propose a framework for defining and applying security policies

Keywords

Web services; authorisation; data privacy; health care; hospitals; medical information systems; Web services; attribute based access control; attribute disclosure restriction; authorization; data privacy; health care application; hospitals; information security; knowledge sharing; programmable interface; service integration; user security policy; value added services; Access control; Authorization; Hospitals; Information security; Markup languages; Simple object access protocol; Standards development; Standards organizations; Web and internet services; Web services;

fLanguage

English

Publisher

ieee

Conference_Titel

Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on

Conference_Location

Vienna

Print_ISBN

0-7695-2775-2

Type

conf

DOI

10.1109/ARES.2007.31

Filename

4159844