Title: On the design, implementation and application of an authorisation architecture for web services

Authors: Sarath Indrakanti, Vijay Varadharajan, Ritesh Agarwal

Addresses: Information and Networked Systems Security Research, Department of Computing, Macquarie University, Sydney, NSW 2109, Australia. ' Information and Networked Systems Security Research, Department of Computing, Macquarie University, Sydney, NSW 2109, Australia. ' Information and Networked Systems Security Research, Department of Computing, Macquarie University, Sydney, NSW 2109, Australia

Abstract: This paper proposes an authorisation architecture for web services. It describes the architectural framework, the administration and runtime aspects of our architecture and its components for secure authorisation of web services as well as the support for the management of authorisation information. The paper then describes the implementation aspects of the architecture. The architecture has been implemented and integrated within the .NET framework. The authorisation architecture for web services is demonstrated using a case study in the healthcare domain. The proposed architecture has several benefits. First and foremost, the architecture supports multiple access control models and mechanisms; it supports legacy applications exposed as web services as well as new web service-based applications built to leverage the benefits offered by the Service-Oriented Architecture; it is decentralised and distributed and provides flexible management and administration of web services and related authorisation information. The proposed architecture can be integrated into existing middleware platforms to provide enhanced security to web services deployed on those platforms.

Keywords: access control; authorisation architecture; information security; computer security; web services; healthcare technology; legacy applications.

DOI: 10.1504/IJICS.2007.012245

International Journal of Information and Computer Security, 2007 Vol.1 No.1/2, pp.64 - 108

Published online: 31 Jan 2007 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article