Policy control management for Web Services

Policy control management for Web Services

The decentralization of corporate policy administration aiming to maintain the unified management of user permissions is a hard task. The heterogeneity and complexity of corporate environments burdens the security administrator with writing equally complex policies. This paper proposes an architectu...

Full description

Saved in:
Bibliographic Details
Published in:2009 IFIP/IEEE International Symposium on Integrated Network Management pp. 49 - 56
Main Authors: Marcon, A.L., Santin, A.O., de Paula Lima, L.A., Obelheiro, R.R., Stihler, M.
Format: Conference Proceeding
Language:English
Published: IEEE 01-06-2009
Subjects:
Access control
Authorization
Authorization Certificates
Computer science
Information security
Permission
Policy Management
Proposals
Prototypes
Resource management
Service oriented architecture
Web services
Web Services Security
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The decentralization of corporate policy administration aiming to maintain the unified management of user permissions is a hard task. The heterogeneity and complexity of corporate environments burdens the security administrator with writing equally complex policies. This paper proposes an architecture based on Web Services, policy provisioning, and authorization certificates, to build up a loosely coupled unified administrative control for corporate environments. A certificate-based permission management scheme is used to derive new policies in the local domains of each branch. These new policies will update the corporate repository which, in turn, will configure the corresponding policies in the local domains of each branch. The Web Services technology provides the underlying protocols for the development of a prototype which shows the feasibility of our proposal.
ISBN:9781424434862
1424434866
ISSN:1573-0077
DOI:10.1109/INM.2009.5188786