Access Control Enforcement for Web Services by Event-Based Security Token Processing

Conference: KiVS 2007 - Kommunikation in Verteilten Systemen - 15. ITG/GI-Fachtagung
26.02.2007 - 02.03.2007 in Bern, Switzerland

Proceedings: KiVS 2007

Pages: 12; Language: English; Type: PDF

Gruschka, Nils; Herkenhöner, Ralph; Luttenberger, Norbert (Department of Computer Science, Communication Systems Research Group, Christian-Albrechts-University of Kiel, Germany)

Access control and ensuring availability are important tasks for securing Web Services. Neither requirement has been well studied for Web Services, and their interaction even less so. However, considering this interaction is crucial. On the one hand, access control is an established mechanism for protecting services from attacks targeting the service’s availability. On the other hand, enforcing access control on Web Services is a complex task, and access control implementations therefore potentially offer new possibilities for attacks. In this paper, a solution for Web Service access control enforcement is presented, using an event-based processing model focusing on ensuring Web Service availability.