Reasoning about events to specify authorization policies for web services composition

Mohsen Rouached, Claude Godart

Research output: Chapter in Book/Report/Conference proceedingConference contribution

9 Citations (Scopus)

Abstract

Availability of a wide variety of Web services over the Internet offers opportunities of providing new value added services built by composing them out of existing ones. By integrating individual existing Web services the technology enables the provision of advanced and sophisticated services, such as allowing users to use different types of resources and services simultaneously in a simple procedure. However the management and maintenance of a large number of Web services is not easy and, in particular, needs appropriate authorization policies to be defined so as to realize reliable and secure Web Services. The required authorization policies can be quite complex, resulting in unintended conflicts, which could result in information leaks or prevent access to information needed. This paper proposes a logic based approach using for specifying authorization policies and detecting conflicts resulting from the combination of various kinds of authorization and constraint policies used in Web services environments. The method not only enables static detection of policy conflicts but also yields information that is helpful for correcting the policies. An automated induction-based theorem prover SPIKE is used as verification back-end.

Original languageEnglish
Title of host publicationProceedings - 2007 IEEE International Conference on Web Services, ICWS 2007
Pages481-488
Number of pages8
DOIs
Publication statusPublished - 2007
Event2007 IEEE International Conference on Web Services, ICWS 2007 - Salt Lake City, UT, United States
Duration: Jul 9 2007Jul 13 2007

Other

Other2007 IEEE International Conference on Web Services, ICWS 2007
CountryUnited States
CitySalt Lake City, UT
Period7/9/077/13/07

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems
  • Information Systems and Management
  • Electrical and Electronic Engineering

Fingerprint Dive into the research topics of 'Reasoning about events to specify authorization policies for web services composition'. Together they form a unique fingerprint.

  • Cite this

    Rouached, M., & Godart, C. (2007). Reasoning about events to specify authorization policies for web services composition. In Proceedings - 2007 IEEE International Conference on Web Services, ICWS 2007 (pp. 481-488). [4279634] https://doi.org/10.1109/ICWS.2007.150