Maarten Rits scite author profile

Abstract. The need for enterprise application integration projects leads to complex composite applications. For the sake of security and efficiency, consolidated access control policies for composite applications should be provided. Such a policy is based on the policies of the corresponding autonomous sub-applications and has the following properties: On the one hand, it needs to be as restrictive as possible to block requests which do not comply with the integrated sub-applications' policies. Thereby, unsuccessful executions of requests are prevented at an early stage. On the other hand, the composite policy must grant all necessary privileges in order to make the intended functionality available to legitimate users.In this paper, we present our formal model and respective algorithmic solutions for consolidating the access control of composite applications. The generated policies conform to the presented requirements of the least privileges paradigm and, thus, allow to revise and optimize the access control of composite applications. We demonstrate this by means of Web service workflows that constitute the state of the art for the realization of business processes.

show abstract

XacT

Rits¹,

Boe²,

Schaad³

2005

SIGSOFT Softw. Eng. Notes

View full text Add to dashboard Cite

In this paper we describe the eXtreme access control Tool (XacT) which provides an automated way to obtain access control information out of multi-layered applications. We believe that based on this information consistent access control policies can be specified to prevent over-privileged accounts. The main difficulty, that leads to these over-privileged accounts, comes from the distinction that must be made between identifying which users should perform a workflow task (resource management) and which users are allowed to perform a task (access control), as well as the fact that access control enforcement is typically spread over different layers in applications (e.g. database layer, operating system layer, workflow layer). In this paper, we present an automated way to obtain access control information out of multilayered applications. We base our observations on recent insights into workflow controlled judicial information systems 1 .

show abstract

XacT

Rits¹,

Boe²,

Schaad³

2005

View full text Add to dashboard Cite

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Maarten Rits

Towards secure SOAP message exchange in a SOA

Consolidating the Access Control of Composite Applications and Workflows

XacT

XacT

Contact Info

Product

Resources

About