Research on Access Control for Web Services
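Abstract
Web services, an emerging Web application paradigm, are a new computing model for distributed environments. Web services exchange information over the Internet using a set of open standard protocols (such as SOAP, UDDI and WSDL) and are loosely coupled, platform independent, highly reusable and open, which makes them more sound in architecture, design, implementation and deployment. The application and development of Web service architectures make the sharing of information resources on the Internet more effective, widespread and convenient. However, as networks develop, network information grows richer and resource sharing becomes more frequent, the resulting network information security problems become increasingly prominent; in particular, access to and acquisition of resources by illegitimate users has become one of the major weaknesses of Web services security. Access control and authorization management are important techniques for protecting Web service resources and are also a current research focus in service-oriented information security.
This dissertation addresses security problems in Web-service-oriented communication application systems and studies access control and authorization management in some depth. The research covers the following three aspects:
First, we study the dynamic characteristics of subjects and objects in Web services, analyze the application characteristics of Web services, and propose a dynamic hierarchical access control model for Web services. In service-oriented application systems, both the subjects that issue requests and the objects that provide service resource information are highly dynamic, so access control policies must adapt to dynamic changes in subjects and objects; at the same time, a Web service application system has two kinds of information that need protection: services and service attributes. In the proposed model, actors meet the security requirements arising from the dynamic changes of subjects and objects, and the hierarchical access control policy approach protects both service and service-attribute information. We give the detailed definition and description of the model, together with its authorization mechanism and implementation mechanism.
Second, to address the security requirements of a large and growing user population and the increasingly fine-grained nature of resource information, we propose a general attribute-based access control model for Web services. As service-providing enterprises grow, resource information becomes richer. To protect finer-grained resource information, systems define large numbers of access policies based on many different resource attributes. Meanwhile, the number of users in many service application environments keeps growing. These factors make user-role assignment and role-permission management complex and burdensome, and call for a more flexible authorization model that can accommodate these new security requirements. The proposed model analyzes the relationship between resource attributes and user attributes in access policies, introduces the concepts of single attribute expression, composite attribute expression and composite permission, and, by defining multiple groups of user roles and assigning user roles flexibly, reduces the complexity of role management and permission management, making it applicable to a wide range of service application environments.
Finally, to address time constraints in delegation, we propose a permission-based delegation model with periodic time constraints. We give the formal definition of the delegation model, define its delegation decision conditions, give the qualification conditions for delegating users and delegated users, analyze authorization in the model, present an analysis of its delegation tree, and finally give several ways of revoking delegation.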
Web services are well known as a new distributed computing model and are widely accepted because of their reusability and interoperability. Web services are loosely coupled applications that use well-known XML protocols (such as SOAP, UDDI, WSDL) for representation and communication across the Internet. With the application and development of Web services, resources are shared more widely and efficiently. However, the open nature of the Internet and its loosely coupled construction make Web services vulnerable to various types of security attacks. Web services security has become an important factor restricting the further development of Web services. One aspect of security vulnerability in Web services is whether or not services are accessed by authorized users. It is valuable to study how to efficiently prevent unauthorized users from accessing Web services.
This dissertation focuses on Web services security. The research concerns access control and is divided into three parts:
Firstly, we study the dynamic characteristics of subjects and objects and the application nature of Web services, and present a dynamic hierarchical RBAC model for Web services. In a Web service application environment, both the subject issuing the invocation request and the object providing service resources are dynamic in nature, so access policies must adapt to dynamic changes in subjects and objects. Also, both the resources and the resource attributes of Web services must be protected. In the presented model, the actor satisfies the needs arising from dynamic changes in subjects and objects, and hierarchical access policies protect both resource information and resource attributes. We define the model, describe it in detail, and give its authorization framework.
Secondly, we present a general attribute-based access control model for Web services in order to satisfy the security requirements of growing numbers of users and rich policies that involve many resource attributes. As enterprises that provide services develop, systems define many access policies based on many resource attributes in order to protect resource information, and the number of users keeps increasing, which makes user-role assignment and permission management formidable tasks. We therefore present a new access control model to meet these security needs. The proposed model introduces the notions of single attribute expression, composite attribute expression, and composite permission, defines a set of elements and the relations among them, and defines a set of rules that assign roles to users based on the users' attribute values. The model supports finer-grained resource information and rich access control policies, and is a general access control model that can be applied to a wide range of service applications.
Finally, we present a periodicity-constraint-based, permission-based delegation model. The presented model incorporates periodicity constraints into the PBDM model. We present the delegation judgement condition and the qualification judgement conditions for the delegator and the delegatee, give a delegation tree for analyzing delegation, and give several modes of revoking delegation.