ACCONV - An access control model for conversational Web services

Federica Paci, Massimo Mecella, Mourad Ouzzani, Elisa Bertino

Research output: Contribution to journal › Article

11 Citations (Scopus)

Abstract

With organizations increasingly depending on Web services to build complex applications, security and privacy concerns including the protection of access control policies are becoming a serious issue. Ideally, service providers would like to make sure that clients have knowledge of only portions of the access control policy relevant to their interactions to the extent to which they are entrusted by the Web service and without restricting the client's choices in terms of which operations to execute. We propose ACCONV, a novel model for access control in Web services that is suitable when interactions between the client and the Web service are conversational and long-running. The conversation-based access control model proposed in this article allows service providers to limit how much knowledge clients have about the credentials specified in their access policies. This is achieved while reducing the number of times credentials are asked from clients and minimizing the risk that clients drop out of a conversation with the Web service before reaching a final state due to the lack of necessary credentials. Clients are requested to provide credentials, and hence are entrusted with part of the Web service access control policies, only for some specific granted conversations which are decided based on: (1) a level of trust that the Web service provider has vis-à-vis the client, (2) the operation that the client is about to invoke, and (3) meaningful conversations which represent conversations that lead to a final state from the current one. We have implemented the proposed approach in a software prototype and conducted extensive experiments to show its effectiveness.

Original language: English
Article number: 13
Journal: ACM Transactions on the Web
Volume: 5
Issue number: 3
DOI: 10.1145/1993053.1993055
Publication status: Published - 1 Jul 2011

Keywords

  • Access control
  • Conversations
  • Web services

ASJC Scopus subject areas

  • Computer Networks and Communications

Cite this

ACCONV - An access control model for conversational Web services. / Paci, Federica; Mecella, Massimo; Ouzzani, Mourad; Bertino, Elisa.

In: ACM Transactions on the Web, Vol. 5, No. 3, 13, 01.07.2011.

Paci, Federica; Mecella, Massimo; Ouzzani, Mourad; Bertino, Elisa. ACCONV - An access control model for conversational Web services. In: ACM Transactions on the Web. 2011; Vol. 5, No. 3.
@article{3f53add34eb7433f9da65cfd8703ad9f,
title = "ACCONV - An access control model for conversational Web services",
abstract = "With organizations increasingly depending on Web services to build complex applications, security and privacy concerns including the protection of access control policies are becoming a serious issue. Ideally, service providers would like to make sure that clients have knowledge of only portions of the access control policy relevant to their interactions to the extent to which they are entrusted by the Web service and without restricting the client's choices in terms of which operations to execute. We propose ACCONV, a novel model for access control in Web services that is suitable when interactions between the client and the Web service are conversational and long-running. The conversation-based access control model proposed in this article allows service providers to limit how much knowledge clients have about the credentials specified in their access policies. This is achieved while reducing the number of times credentials are asked from clients and minimizing the risk that clients drop out of a conversation with the Web service before reaching a final state due to the lack of necessary credentials. Clients are requested to provide credentials, and hence are entrusted with part of the Web service access control policies, only for some specific granted conversations which are decided based on: (1) a level of trust that the Web service provider has vis-{\`a}-vis the client, (2) the operation that the client is about to invoke, and (3) meaningful conversations which represent conversations that lead to a final state from the current one. We have implemented the proposed approach in a software prototype and conducted extensive experiments to show its effectiveness.",
keywords = "Access control, Conversations, Web services",
author = "Federica Paci and Massimo Mecella and Mourad Ouzzani and Elisa Bertino",
year = "2011",
month = "7",
day = "1",
doi = "10.1145/1993053.1993055",
language = "English",
volume = "5",
journal = "ACM Transactions on the Web",
issn = "1559-1131",
publisher = "Association for Computing Machinery (ACM)",
number = "3",
}

TY - JOUR

T1 - ACCONV - An access control model for conversational Web services

AU - Paci, Federica

AU - Mecella, Massimo

AU - Ouzzani, Mourad

AU - Bertino, Elisa

PY - 2011/7/1

Y1 - 2011/7/1

AB - With organizations increasingly depending on Web services to build complex applications, security and privacy concerns including the protection of access control policies are becoming a serious issue. Ideally, service providers would like to make sure that clients have knowledge of only portions of the access control policy relevant to their interactions to the extent to which they are entrusted by the Web service and without restricting the client's choices in terms of which operations to execute. We propose ACCONV, a novel model for access control in Web services that is suitable when interactions between the client and the Web service are conversational and long-running. The conversation-based access control model proposed in this article allows service providers to limit how much knowledge clients have about the credentials specified in their access policies. This is achieved while reducing the number of times credentials are asked from clients and minimizing the risk that clients drop out of a conversation with the Web service before reaching a final state due to the lack of necessary credentials. Clients are requested to provide credentials, and hence are entrusted with part of the Web service access control policies, only for some specific granted conversations which are decided based on: (1) a level of trust that the Web service provider has vis-à-vis the client, (2) the operation that the client is about to invoke, and (3) meaningful conversations which represent conversations that lead to a final state from the current one. We have implemented the proposed approach in a software prototype and conducted extensive experiments to show its effectiveness.

KW - Access control

KW - Conversations

KW - Web services

UR - http://www.scopus.com/inward/record.url?scp=80051928978&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=80051928978&partnerID=8YFLogxK

U2 - 10.1145/1993053.1993055

DO - 10.1145/1993053.1993055

M3 - Article

VL - 5

JO - ACM Transactions on the Web

JF - ACM Transactions on the Web

SN - 1559-1131

IS - 3

M1 - 13

ER -