Solving the Transitive Access Problem for the Services Oriented Architecture
- 1 February 2010
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
A key goal of the Services Oriented Architecture is the composition of independently written and managed services. However, managing access to these services has proven to be a problem. A particularly difficult case involves a service that invokes another service to satisfy an initial request. In a number of cases, implementations are able to achieve either the desired functionality or the required security, but not both at the same time. We say that this service composition suffers from the transitive access problem. We show that the problem arises from a poor choice of access control mechanism, one that uses subject authentication to make access decisions, and that the problem does not occur if we use delegatable authorizations.
This publication has 12 references indexed in Scilit:
- Polaris. Communications of the ACM, 2006
- Adding Support to XACML for Dynamic Delegation of Authority in Multiple Domains. Lecture Notes in Computer Science, 2006
- Authorization-Based Access Control for the Services Oriented Architecture. Published by Institute of Electrical and Electronics Engineers (IEEE), 2006
- E-speak e-xplained. Communications of the ACM, 2003
- dRBAC: distributed role-based access control for dynamic coalition environments. Published by Institute of Electrical and Electronics Engineers (IEEE), 2003
- Cascaded authentication. Published by Institute of Electrical and Electronics Engineers (IEEE), 2003
- Proxy-based authorization and accounting for distributed systems. Published by Institute of Electrical and Electronics Engineers (IEEE), 2002
- The Role of Trust Management in Distributed Systems Security. Published by Springer Nature, 1999
- The Confused Deputy. ACM SIGOPS Operating Systems Review, 1988
- The protection of information in computer systems. Proceedings of the IEEE, 1975