Policy control management for Web Services

Policy control management for Web Services

The decentralization of corporate policy administration aiming to maintain the unified management of user permissions is a hard task. The heterogeneity and complexity of corporate environments burdens the security administrator with writing equally complex policies. This paper proposes an architectu...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Marcon, A.L., Santin, A.O., de Paula Lima, L.A., Obelheiro, R.R., Stihler, M.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Access control
Authorization
Authorization Certificates
Computer science
Information security
Permission
Policy Management
Proposals
Prototypes
Resource management
Service oriented architecture
Web services
Web Services Security
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:The decentralization of corporate policy administration aiming to maintain the unified management of user permissions is a hard task. The heterogeneity and complexity of corporate environments burdens the security administrator with writing equally complex policies. This paper proposes an architecture based on Web Services, policy provisioning, and authorization certificates, to build up a loosely coupled unified administrative control for corporate environments. A certificate-based permission management scheme is used to derive new policies in the local domains of each branch. These new policies will update the corporate repository which, in turn, will configure the corresponding policies in the local domains of each branch. The Web Services technology provides the underlying protocols for the development of a prototype which shows the feasibility of our proposal.
ISSN:1573-0077
DOI:10.1109/INM.2009.5188786