Reasoning about events to specify authorization policies for web services composition

Mohsen Rouached, Claude Godart

Research output: Chapter in Book/Report/Conference proceedingConference contribution

9 Citations (Scopus)

Abstract

Availability of a wide variety of Web services over the Internet offers opportunities of providing new value added services built by composing them out of existing ones. By integrating individual existing Web services the technology enables the provision of advanced and sophisticated services, such as allowing users to use different types of resources and services simultaneously in a simple procedure. However the management and maintenance of a large number of Web services is not easy and, in particular, needs appropriate authorization policies to be defined so as to realize reliable and secure Web Services. The required authorization policies can be quite complex, resulting in unintended conflicts, which could result in information leaks or prevent access to information needed. This paper proposes a logic based approach using for specifying authorization policies and detecting conflicts resulting from the combination of various kinds of authorization and constraint policies used in Web services environments. The method not only enables static detection of policy conflicts but also yields information that is helpful for correcting the policies. An automated induction-based theorem prover SPIKE is used as verification back-end.

Original languageEnglish
Title of host publicationProceedings - 2007 IEEE International Conference on Web Services, ICWS 2007
Pages481-488
Number of pages8
DOIs
Publication statusPublished - 2007
Event2007 IEEE International Conference on Web Services, ICWS 2007 - Salt Lake City, UT, United States
Duration: Jul 9 2007Jul 13 2007

Other

Other2007 IEEE International Conference on Web Services, ICWS 2007
CountryUnited States
CitySalt Lake City, UT
Period7/9/077/13/07

Fingerprint

Web services
Chemical analysis
Authorization
Web service composition
Availability
Internet

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems
  • Information Systems and Management
  • Electrical and Electronic Engineering

Cite this

Rouached, M., & Godart, C. (2007). Reasoning about events to specify authorization policies for web services composition. In Proceedings - 2007 IEEE International Conference on Web Services, ICWS 2007 (pp. 481-488). [4279634] https://doi.org/10.1109/ICWS.2007.150

Reasoning about events to specify authorization policies for web services composition. / Rouached, Mohsen; Godart, Claude.

Proceedings - 2007 IEEE International Conference on Web Services, ICWS 2007. 2007. p. 481-488 4279634.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Rouached, M & Godart, C 2007, Reasoning about events to specify authorization policies for web services composition. in Proceedings - 2007 IEEE International Conference on Web Services, ICWS 2007., 4279634, pp. 481-488, 2007 IEEE International Conference on Web Services, ICWS 2007, Salt Lake City, UT, United States, 7/9/07. https://doi.org/10.1109/ICWS.2007.150
Rouached M, Godart C. Reasoning about events to specify authorization policies for web services composition. In Proceedings - 2007 IEEE International Conference on Web Services, ICWS 2007. 2007. p. 481-488. 4279634 https://doi.org/10.1109/ICWS.2007.150
Rouached, Mohsen ; Godart, Claude. / Reasoning about events to specify authorization policies for web services composition. Proceedings - 2007 IEEE International Conference on Web Services, ICWS 2007. 2007. pp. 481-488
@inproceedings{4301c532daae4b4b88ad48e0a14eee75,
title = "Reasoning about events to specify authorization policies for web services composition",
abstract = "Availability of a wide variety of Web services over the Internet offers opportunities of providing new value added services built by composing them out of existing ones. By integrating individual existing Web services the technology enables the provision of advanced and sophisticated services, such as allowing users to use different types of resources and services simultaneously in a simple procedure. However the management and maintenance of a large number of Web services is not easy and, in particular, needs appropriate authorization policies to be defined so as to realize reliable and secure Web Services. The required authorization policies can be quite complex, resulting in unintended conflicts, which could result in information leaks or prevent access to information needed. This paper proposes a logic based approach using for specifying authorization policies and detecting conflicts resulting from the combination of various kinds of authorization and constraint policies used in Web services environments. The method not only enables static detection of policy conflicts but also yields information that is helpful for correcting the policies. An automated induction-based theorem prover SPIKE is used as verification back-end.",
author = "Mohsen Rouached and Claude Godart",
year = "2007",
doi = "10.1109/ICWS.2007.150",
language = "English",
isbn = "0769529240",
pages = "481--488",
booktitle = "Proceedings - 2007 IEEE International Conference on Web Services, ICWS 2007",

}

TY - GEN

T1 - Reasoning about events to specify authorization policies for web services composition

AU - Rouached, Mohsen

AU - Godart, Claude

PY - 2007

Y1 - 2007

N2 - Availability of a wide variety of Web services over the Internet offers opportunities of providing new value added services built by composing them out of existing ones. By integrating individual existing Web services the technology enables the provision of advanced and sophisticated services, such as allowing users to use different types of resources and services simultaneously in a simple procedure. However the management and maintenance of a large number of Web services is not easy and, in particular, needs appropriate authorization policies to be defined so as to realize reliable and secure Web Services. The required authorization policies can be quite complex, resulting in unintended conflicts, which could result in information leaks or prevent access to information needed. This paper proposes a logic based approach using for specifying authorization policies and detecting conflicts resulting from the combination of various kinds of authorization and constraint policies used in Web services environments. The method not only enables static detection of policy conflicts but also yields information that is helpful for correcting the policies. An automated induction-based theorem prover SPIKE is used as verification back-end.

AB - Availability of a wide variety of Web services over the Internet offers opportunities of providing new value added services built by composing them out of existing ones. By integrating individual existing Web services the technology enables the provision of advanced and sophisticated services, such as allowing users to use different types of resources and services simultaneously in a simple procedure. However the management and maintenance of a large number of Web services is not easy and, in particular, needs appropriate authorization policies to be defined so as to realize reliable and secure Web Services. The required authorization policies can be quite complex, resulting in unintended conflicts, which could result in information leaks or prevent access to information needed. This paper proposes a logic based approach using for specifying authorization policies and detecting conflicts resulting from the combination of various kinds of authorization and constraint policies used in Web services environments. The method not only enables static detection of policy conflicts but also yields information that is helpful for correcting the policies. An automated induction-based theorem prover SPIKE is used as verification back-end.

UR - http://www.scopus.com/inward/record.url?scp=46849117074&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=46849117074&partnerID=8YFLogxK

U2 - 10.1109/ICWS.2007.150

DO - 10.1109/ICWS.2007.150

M3 - Conference contribution

SN - 0769529240

SN - 9780769529240

SP - 481

EP - 488

BT - Proceedings - 2007 IEEE International Conference on Web Services, ICWS 2007

ER -