TY - GEN
T1 - Fine grained access control for SOAP E-services
AU - Damiani, Ernesto
AU - Di Vimercati, Sabrina De Capitani
AU - Paraboschi, Stefano
AU - Samarati, Pierangela
N1 - Publisher Copyright:
© 2001 ACM.
PY - 2001/4/1
Y1 - 2001/4/1
N2 - Lightweight protocols for remote service invocation via HTTP and XML, such as SOAP, are rapidly gaining acceptance among developers of Internet-based e-services, especially because of their firewall-traversal capabilities. However, no standard technique for access control security is currently defined for either HTTP or SOAP itself. Concerns have been raised about the possibility that different SOAP applications will deal with embedded security in different ways, leading to application-dependent security holes. In this paper, we propose an approach that relies on the XML structure of SOAP requests to support fine-grained authorizations at the level of individual XML elements and attributes that compose a SOAP call. The result is a simple, yet powerful and general, technique to enforce access restrictions to SOAP invocations.
AB - Lightweight protocols for remote service invocation via HTTP and XML, such as SOAP, are rapidly gaining acceptance among developers of Internet-based e-services, especially because of their firewall-traversal capabilities. However, no standard technique for access control security is currently defined for either HTTP or SOAP itself. Concerns have been raised about the possibility that different SOAP applications will deal with embedded security in different ways, leading to application-dependent security holes. In this paper, we propose an approach that relies on the XML structure of SOAP requests to support fine-grained authorizations at the level of individual XML elements and attributes that compose a SOAP call. The result is a simple, yet powerful and general, technique to enforce access restrictions to SOAP invocations.
KW - Access control
KW - Certificates
KW - Roles
KW - SOAP
KW - XML
UR - http://www.scopus.com/inward/record.url?scp=84976482712&partnerID=8YFLogxK
U2 - 10.1145/371920.372152
DO - 10.1145/371920.372152
M3 - Conference contribution
AN - SCOPUS:84976482712
SN - 1581133480
SN - 9781581133486
T3 - Proceedings of the 10th International Conference on World Wide Web, WWW 2001
SP - 504
EP - 513
BT - Proceedings of the 10th International Conference on World Wide Web, WWW 2001
T2 - 10th International Conference on World Wide Web, WWW 2001
Y2 - 1 May 2001 through 5 May 2001
ER -