Authorization-Based Access Control for the Services Oriented Architecture

Authorization-Based Access Control for the Services Oriented Architecture

Several attempts at using the services oriented architecture have failed to achieve their goals of scalability, security, and manageability. These systems, which base access decisions on the identity of the requester, have been found to be inflexible, don't scale well, and are difficult to use...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
1. Verfasser: Karp, A.H.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Access control
Authentication
Authorization
Identity management systems
Security
Semiconductor optical amplifiers
Service oriented architecture
Web services
XML
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Several attempts at using the services oriented architecture have failed to achieve their goals of scalability, security, and manageability. These systems, which base access decisions on the identity of the requester, have been found to be inflexible, don't scale well, and are difficult to use and to upgrade. This paper shows that identity-based access control is a key contributor to these failures and proposes another way to approach the problem. Basing access control decisions on authorizations presented explicitly by the requester leads to a more securable and more robust architecture
ISSN:1556-0082
1556-0090
DOI:10.1109/C5.2006.9