Web Services are regarded as the premier building blocks of Service-Oriented Architectures (SOA). Founding on specifications for basic communication patterns and message syntax, a lot of additional Web Service specifications that address non-functional requirements have been introduced. The most relevant specifications for these non-functional requirements deal with security aspects of Web Serv...

We present a Description Logics approach to the management of XACML policies. We explain how policies can be mapped to a DL axiomatization, and how authorization requests can be answered using standard DL reasoning tools. Our model represents a valid substratum for managing policies whose expressivity can not be captured by standard engines. Furthermore, advanced security functionalities, as Po...

Web services are quickly becoming the most popular tool for distributed computing. Due to this popularity a comprehensive security architecture is needed. In this paper we introduced such a comprehensive architecture that includesin addition to the standard services of integrity and confidentialityauthentication, authorization and a defense against denial of service attacks. This model builds o...

We apply SecPAL, a logic-based policy language for decentralized authorization and trust management, to our case study of automated software distribution for airplanes. In contrast to established policy frameworks for authorization like XACML, SecPAL offers constructs to express trust relationships and delegation explicitly and to form chains of trusts. We use these constructs in our case study...

One of the most challenging problems in managing large, distributed, and heterogeneous networked systems is specifying and enforcing security policies regulating interactions between parties and access to services and resources. Recent proposals for specifying and exchanging access control policies adopt XML-based languages. XML appears in fact a natural choice as the basis for the common secur...

Role-based access control (RBAC) is a commercially dominant model, standardized by the National Institute of Standards and Technology (NIST). Although RBAC provides compelling benefits for security management it has several known deficiencies such as role explosion, wherein multiple closely related roles are required (e.g., attendingdoctor role is separately defined for each patient). Numerous ...

Recently there has been a great amount of attention to access control languages that can cover large, open, distributed and heterogeneous environments like the Web. These languages aim to be flexible and extensible, with enough features to capture expressive and distributed security policies. However, with expressive languages such as XACML or WS-Policy, users have problems understanding the ov...

In Grid service environments, traditional identity based access control models are not effective, and access decisions need to be made based on service requesters’ attributes. All of previous attribute based access control (ABAC) models are lacking in protection of users’ privacy because in these models, access control decisions are made by providing the service provider with user attributes. T...

Data Types – Collections Collection Implementations Abstract Data Types 2501ICT/7421ICTNathanData Types 2501ICT/7421ICTNathan