Sciweavers

ITRUST
2005
Springer

Interactive Credential Negotiation for Stateful Business Processes

14 years 6 months ago
Interactive Credential Negotiation for Stateful Business Processes
Business Processes for Web Services are the new paradigm for lightweight enterprise integration. They cross organizational boundaries, are provided by entities that see each other just as business partners, and require access control mechanisms based on trust management. Stateful Business Processes, enforcing separation of duties or service limitations based on past or current usage, pose additional research challenges. Clients, which may not know the right set of credentials to supply to each partner, may end up in dead-ends and servers should help them find out what must be revoked and what missing is that grant access to a particular resource. We propose a logical framework and an interactive algorithm based on negotiation of credentials for access control that works for Stateful Business Processes. We show that our algorithm is sound (no grant is given to unauthorized clients), complete (authorized clients get grant) and resistant against DoS attempt.
Hristo Koshutanski, Fabio Massacci
Added 28 Jun 2010
Updated 28 Jun 2010
Type Conference
Year 2005
Where ITRUST
Authors Hristo Koshutanski, Fabio Massacci
Comments (0)