Securing SOAP e-services |
| |
| Authors: | E. Damiani S. De Capitani di Vimercati S. Paraboschi P. Samarati |
| |
| Affiliation: | (1) Dipartimento di Tecnologie dell’Informazione, Università di Milano, Via Bramante 65, 26013 Crema, Italy E-mail: {damiani,samarati}@dti.unimi.it, IT;(2) Dipartimento di Elettronica per l’Automazione, Università di Brescia, Via Branze 38, 25123 Brescia, Italy E-mail:decapita@ing.unibs.it, IT;(3) Dipartimento di Elettronica e Informazione, Politecnico di Milano, Piazza L. da Vinci 32, 20133 Milano, Italy E-mail: parabosc@elet.polimi.it, IT |
| |
| Abstract: | Remote service invocation via HTTP and XML promises to become an important component of the Internet infrastructure. Work is ongoing in the W3C XML Protocol Working Group to define a common standard, and solutions like SOAP and XML-RPC are already used in a few situations, demonstrating the potential. However, no standard technique for access control security is currently defined for these protocols. In this paper, we propose an approach that relies on the XML structure of SOAP requests to support fine-grained authorizations at the level of individual XML elements and attributes that comprise a SOAP call. The result is a simple yet general technique to specify and enforce fine-grained access control for e-services. Published online: 13 November 2001 |
| |
| Keywords: | : SOAP – E-services – Access control – Digital certificates |
| 本文献已被 SpringerLink 等数据库收录! |
|
