Through web service technology, distributed applications can be built in a flexible manner, bringing tremendous power to applications on the web. However, this flexibility poses significant challenges to security. In particular, an end user (be it human or machine) may access a web service directly, or through a number of intermediaries, while these intermediaries may be formed on the fly for a particular task. Traditional access control for distributed systems is not flexible and efficient enough in such an environment. Indeed, it may be impossible for a web service to anticipate all possible access patterns, hence to define an appropriate access control list beforehand. Novel solutions are needed. This paper introduces a trust-but-verify framework for web services authorization, and provides an implementation example. In the trust-but-verify framework, each web service maintains authorization policies. In addition, there is a global set of trust transformation rules, each of which has an ...