Authorization and access control in Web services is complicated by the unique requirements of the dynamic Web services paradigm. Current authentication mechanisms for Web services do not differentiate between users in terms of fine-grained access privileges. This results in all-or-nothing access, which is not flexible enough for modern-day business processes that use Web services to execute. In this paper, we present a policy-based authorization framework to address this requirement. We have designed a profile of the well-known WS-Policy specification tailored to meet the access control requirements in Web services by integrating WS-Policy with an access control policy specification language, X-GTRBAC. The design of the profile is aimed at bridging the gap between available policy standards for Web services and existing policy specification languages for access control. The profile supports the WS-Policy attachment specification, which allows separate policies to be associated with multiple components of a Web service description, and one of our key contributions is the design of an algorithm to compute the effective policy for the Web service given the multiple policy attachments. To allow Web service applications to use our solution, we have adopted a component-based design approach based on well-known UML notations. We have also prototyped our architecture and implemented it as a loosely coupled Web service providing healthcare information services to physicians subject to applicable authorization policies.
"Each user in a given role can then access only the part of the system (atomic services and data attributes) circumscribed by his access rights or privileges. These technologies have been extended to take into account temporal constraints on user-role assignments (X-GTRBAC (Joshi et al., 2005)) and Web services as protected resources (WS-RBAC (Bhatti et al., 2007)). They are, however, not adapted to long running processes, as those encountered in an SOA environment, and lack the expressive power to refer to past actions (which are elements of traces in process algebra notations)."
ABSTRACT: E-Health systems logically demand a sufficiently fine-grained authorization policy for access control. Access to medical information should not be just role-based but should also take into account the contextual conditions under which the role accesses data. In this paper, we present a mechanism to extend standard role-based access control to incorporate contextual information for making access control decisions in e-health applications. We present an architecture consisting of authorisation and context infrastructure that work cooperatively to grant access rights based on context-aware authorization policies and context information.
ABSTRACT: Recently, IPTV has been in the spotlight as a new streaming service that stably provides video, audio and control signals to subscribers through the application of the IP protocol. However, the IPTV system faces more security threats than traditional TV. This study proposes a multicasting encryption mechanism for secure transmission of IPTV contents, by which the content provider encrypts its contents and sends the encrypted contents, together with the key used for their encryption, to the user. In order to reduce the time and cost at the Head-End, the proposed mechanism encrypts the media contents at the Head-End, embeds the code of the IPTV terminal used at the Head-End in the media contents for user tracking, and performs desynchronization to protect the media contents from various attacks.