TY - GEN
T1 - Reasoning about events to specify authorization policies for web services composition
AU - Rouached, Mohsen
AU - Godart, Claude
PY - 2007
Y1 - 2007
N2 - Availability of a wide variety of Web services over the Internet offers opportunities of providing new value added services built by composing them out of existing ones. By integrating individual existing Web services the technology enables the provision of advanced and sophisticated services, such as allowing users to use different types of resources and services simultaneously in a simple procedure. However the management and maintenance of a large number of Web services is not easy and, in particular, needs appropriate authorization policies to be defined so as to realize reliable and secure Web Services. The required authorization policies can be quite complex, resulting in unintended conflicts, which could result in information leaks or prevent access to information needed. This paper proposes a logic based approach using for specifying authorization policies and detecting conflicts resulting from the combination of various kinds of authorization and constraint policies used in Web services environments. The method not only enables static detection of policy conflicts but also yields information that is helpful for correcting the policies. An automated induction-based theorem prover SPIKE is used as verification back-end.
AB - Availability of a wide variety of Web services over the Internet offers opportunities of providing new value added services built by composing them out of existing ones. By integrating individual existing Web services the technology enables the provision of advanced and sophisticated services, such as allowing users to use different types of resources and services simultaneously in a simple procedure. However the management and maintenance of a large number of Web services is not easy and, in particular, needs appropriate authorization policies to be defined so as to realize reliable and secure Web Services. The required authorization policies can be quite complex, resulting in unintended conflicts, which could result in information leaks or prevent access to information needed. This paper proposes a logic based approach using for specifying authorization policies and detecting conflicts resulting from the combination of various kinds of authorization and constraint policies used in Web services environments. The method not only enables static detection of policy conflicts but also yields information that is helpful for correcting the policies. An automated induction-based theorem prover SPIKE is used as verification back-end.
UR - http://www.scopus.com/inward/record.url?scp=46849117074&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=46849117074&partnerID=8YFLogxK
U2 - 10.1109/ICWS.2007.150
DO - 10.1109/ICWS.2007.150
M3 - Conference contribution
AN - SCOPUS:46849117074
SN - 0769529240
SN - 9780769529240
T3 - Proceedings - 2007 IEEE International Conference on Web Services, ICWS 2007
SP - 481
EP - 488
BT - Proceedings - 2007 IEEE International Conference on Web Services, ICWS 2007
T2 - 2007 IEEE International Conference on Web Services, ICWS 2007
Y2 - 9 July 2007 through 13 July 2007
ER -