Access Control Enforcement for Web Services by Event-Based Security Token Processing

Conference: KiVS 2007 - Kommunikation in Verteilten Systemen - 15. ITG/GI-Fachtagung
02/26/2007 - 03/02/2007 in Bern, Switzerland

Proceedings: KiVS 2007

Pages: 12
Language: English
Type: PDF

Authors:
Gruschka, Nils; Herkenhöner, Ralph; Luttenberger, Norbert (Department of Computer Science, Communication Systems Research Group, Christian-Albrechts-University of Kiel, Germany)

Abstract:
Access control and ensuring availability are important tasks for securing Web Services. Neither requirement is well studied for Web Services, and their interaction even less so. However, considering this interaction is crucial. On the one hand, access control is an established mechanism for protecting services from attacks targeting the service's availability. On the other hand, enforcing access control on Web Services is a complex task, and therefore access control implementations potentially offer new possibilities for attacks. In this paper, a solution for Web Service access control enforcement is presented that uses an event-based processing model and focuses on ensuring Web Service availability.