Access Control Enforcement for Web Services by Event-Based Security Token Processing
Conference: KiVS 2007 - Kommunikation in Verteilten Systemen - 15. ITG/GI-Fachtagung
26.02.2007 - 02.03.2007 in Bern, Switzerland
Proceedings: KiVS 2007
Pages: 12
Language: English
Type: PDF
Authors:
Gruschka, Nils; Herkenhöner, Ralph; Luttenberger, Norbert (Department of Computer Science, Communication Systems Research Group, Christian-Albrechts-University of Kiel, Germany)
Abstract:
Access control and ensuring availability are important tasks for securing Web Services. Neither requirement is well studied for Web Services, and their interaction even less so. However, considering this interaction is crucial. On the one hand, access control is an established mechanism for protecting services from attacks targeting the service’s availability. On the other hand, enforcing access control on Web Services is a complex task, and access control implementations therefore potentially offer new possibilities for attacks. This paper presents a solution for Web Service access control enforcement that uses an event-based processing model and focuses on ensuring Web Service availability.