An extended RBAC model for Web services in business process

Author

Liu, Peng ; Chen, Zhong

Author_Institution

Comput. Sci. Dept., Peking Univ., Beijing

fYear

2004

fDate

15-15 Sept. 2004

Firstpage

100

Lastpage

107

Abstract

Web services are widely accepted and adopted to provide business functionality in business world. Especially, Web service is chosen to compose business process by companies to achieve their business objectives. Business process contains a set of activities, which represent business interactions between Web services spanning company boundaries. As Web services are built in open distributed environment, it is apt to cause security concerns. Security problems mainly prevent many companies from implementing Web services. This paper proposes an extended RBAC model, called WS-RBAC4BP, to protect Web services in business process. In this model, companies and Web services are considered as subjects and protected objects, respectively. New types of constraints are introduced. Furthermore, the system architecture of WS-RABC4BP is presented. This paper also gives examples to illustrate the model

Keywords

Internet; authorisation; business data processing; interactive systems; open systems; Web services; business interactions; business process; open distributed environment; role-based access control model; security standards; Access control; Companies; Computer science; Costs; Information security; Middleware; Protection; Simple object access protocol; Web services; XML;

fLanguage

English

Publisher

ieee

Conference_Titel

E-Commerce Technology for Dynamic E-Business, 2004. IEEE International Conference on

Conference_Location

Beijing

Print_ISBN

0-7695-2206-8

Type

conf

DOI

10.1109/CEC-EAST.2004.17

Filename

1388305