UDDI ACCESS CONTROL FOR THE EXTENDED ENTERPRISE
Robert Steele, Juan Dai
2005
Abstract
An Extended Enterprise comprises not only the enterprise itself but also its suppliers, clients and other associated organizations. In response to business needs and decisions, the Extended Enterprise can dynamically alter these interrelationships, for example by swapping out some partners and swapping in others. Web services are an appropriate technology choice for facilitating the Extended Enterprise because they support interoperability. Furthermore, the UDDI Web service standard, and in particular a private UDDI registry, can enable partner organizations to look up and discover the services of their new partners. A private UDDI registry is therefore well suited to allowing the potentially regularly changing business partners in an Extended Enterprise to determine how to interoperate with each other. However, different partners, depending on their role, should see a different set of the available services in an enterprise's private UDDI registry, for reasons of security, business confidentiality and simplicity. In this paper we therefore propose how a role-based access control scheme for a private UDDI registry can be utilized to support the Extended Enterprise.
Paper Citation
in Harvard Style
Steele R. and Dai J. (2005). UDDI ACCESS CONTROL FOR THE EXTENDED ENTERPRISE. In Proceedings of the First International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, ISBN 972-8865-20-1, pages 176-181. DOI: 10.5220/0001232601760181
in Bibtex Style
@conference{webist05,
author={Robert Steele and Juan Dai},
title={UDDI ACCESS CONTROL FOR THE EXTENDED ENTERPRISE},
booktitle={Proceedings of the First International Conference on Web Information Systems and Technologies - Volume 1: WEBIST},
year={2005},
pages={176-181},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001232601760181},
isbn={972-8865-20-1},
}
in EndNote Style
TY - CONF
JO - Proceedings of the First International Conference on Web Information Systems and Technologies - Volume 1: WEBIST
TI - UDDI ACCESS CONTROL FOR THE EXTENDED ENTERPRISE
SN - 972-8865-20-1
AU - Steele R.
AU - Dai J.
PY - 2005
SP - 176
EP - 181
DO - 10.5220/0001232601760181