未找到相关数据
Securing SOAP e-services
被引:23
作者:
E. Damiani
S. De Capitani di Vimercati
S. Paraboschi
P. Samarati
机构:
[1] Dipartimento di Tecnologie dell’Informazione,
[2] Università di Milano,undefined
[3] Via Bramante 65,undefined
[4] 26013 Crema,undefined
[5] Italy E-mail: {damiani,undefined
[6] samarati}@dti.unimi.it,undefined
[7] Dipartimento di Elettronica per l’Automazione,undefined
[8] Università di Brescia,undefined
[9] Via Branze 38,undefined
[10] 25123 Brescia,undefined
[11] Italy E-mail:decapita@ing.unibs.it,undefined
[12] Dipartimento di Elettronica e Informazione,undefined
[13] Politecnico di Milano,undefined
[14] Piazza L. da Vinci 32,undefined
[15] 20133 Milano,undefined
[16] Italy E-mail: parabosc@elet.polimi.it,undefined
关键词:
Key words: SOAP – E-services – Access control – Digital certificates;
D O I:
10.1007/s102070100009
中图分类号:
学科分类号:
摘要:
Remote service invocation via HTTP and XML promises to become an important component of the Internet infrastructure. Work is ongoing in the W3C XML Protocol Working Group to define a common standard, and solutions like SOAP and XML-RPC are already used in a few situations, demonstrating the potential. However, no standard technique for access control security is currently defined for these protocols. In this paper, we propose an approach that relies on the XML structure of SOAP requests to support fine-grained authorizations at the level of individual XML elements and attributes that comprise a SOAP call. The result is a simple yet general technique to specify and enforce fine-grained access control for e-services.
引用
收藏
页码:100 / 115
页数:15
相关论文