{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T19:04:40Z","timestamp":1754161480692,"version":"3.41.2"},"reference-count":22,"publisher":"Emerald","issue":"1","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2005,2,1]]},"abstract":"\n Purpose<\/jats:title>\n To define a framework for access control for virtual applications, enabled through web services technologies. The framework supports the loosely coupled manner in which web services are shared between partners.<\/jats:p>\n <\/jats:sec>\n \n Design\/methodology\/approach<\/jats:title>\n A background discussion on relevant literature, with an example is used to illustrate the problem that exists. To enable access control composition, an extension is proposed to authorisation specification language, together with publication of access control requirements of a web service provider.<\/jats:p>\n <\/jats:sec>\n \n Findings<\/jats:title>\n The framework shows that loosely coupled access control can be made possible by making use of the standard manner in which messages are communicated in XML, and by composing assertions with the access control policy of the provider in a consistent manner. Access to web service methods is only granted if permission can be derived for it, where the derivation step forms a formal proof.<\/jats:p>\n <\/jats:sec>\n \n Research limitations\/implications<\/jats:title>\n A basic framework has been defined. An architecture to support it must be defined. Only a very basic level of access control composition has been illustrated.<\/jats:p>\n <\/jats:sec>\n \n Practical implications<\/jats:title>\n The publication of access control requirements in standards such as WS-Policy can be considered.<\/jats:p>\n <\/jats:sec>\n \n Originality\/value<\/jats:title>\n This paper offers a practical approach to address access control for web services.<\/jats:p>\n <\/jats:sec>","DOI":"10.1108\/09685220510582656","type":"journal-article","created":{"date-parts":[[2005,3,21]],"date-time":"2005-03-21T18:44:32Z","timestamp":1111430672000},"page":"29-38","source":"Crossref","is-referenced-by-count":2,"title":["An access control framework for web services"],"prefix":"10.1108","volume":"13","author":[{"given":"M.","family":"Coetzee","sequence":"first","affiliation":[{"name":"School of Information Technology, University of Johannesburg, Johannesburg, South Africa"}]},{"given":"J.H.P.","family":"Eloff","sequence":"additional","affiliation":[{"name":"Information and Computer Security Architectures (ICSA) Research Group, Department of Computer Science, University of Pretoria, Pretoria, South Africa"}]}],"member":"140","reference":[{"key":"2025072819443106000_b1","unstructured":"Anderson, A.\n , Anderson, S., Adams, C., Beznosov, K., Brose, G. and Crocker, S.\u2008et al. (2003), Extensible Access Control Markup Language (XACML) 1.0 Specification, available at: www.oasis-open.org\/committees\/tc_home.php?wg_abbrev=xacml."},{"key":"2025072819443106000_b2","unstructured":"Anderson, S.\n , Bohren, J., Boubez, T., Chanliau, M., Della-Libera, G. and Dixon, B.\u2008et al. (2004), Web Services Trust Language (WS-Trust), available at: www.ibm.com\/developerworks\/library\/ws-trust\/index.html."},{"key":"2025072819443106000_b3","unstructured":"Atkinson, A.\n , Bellwood, T., Cahuzac, M., Cl\u00e9ment, L., Colgrave, J. and Corda, U.\u2008et al. (2003), UDDI Version 3.0.1, available at: http:\/\/uddi.org\/pubs\/uddi-v3.0.1-20031014.htm."},{"key":"2025072819443106000_b4","unstructured":"Atkinson, B.\n , Della-Libera, G., Hada, S., Hondo, M., Hallam-Baker, P. and Kaler, C.\u2008et al. (2002), Web Services Security (WS-Security) Version 1.0, available at: www.verisign.com\/wss\/wss.pdf (accessed 5 April)."},{"key":"2025072819443106000_b5","unstructured":"Bartel, M.\n , Boyer, J., Eastlake, D., Fox, B., LaMacchia, B., Simon, E. and Solo, D. (2002), XML Signature, available at: www.w3.org\/TR\/2002\/REC-xmldsig-core-20020212\/."},{"issue":"11","key":"2025072819443106000_b6","first-page":"189","article-title":"Protecting information on the web","volume":"43","author":"Bertino","year":"2000","journal-title":"Communications of the ACM"},{"issue":"3","key":"2025072819443106000_b8","doi-asserted-by":"crossref","first-page":"241","DOI":"10.3233\/JCS-2002-10303","article-title":"A unified framework for regulating access and information release on the web","volume":"10","author":"Bonatti","year":"2002","journal-title":"Journal of Computer Security"},{"key":"2025072819443106000_b7","doi-asserted-by":"crossref","unstructured":"Bonatti, P.\n and Samarati, P. (2003), \u201cLogics for authorizations and security\u201d, in Chomicki, J., van der Meyden, R. and Saake, G. (Eds), Logics For Emerging Applications of Databases LNCS, Springer-Verlag, Heidelberg.","DOI":"10.1007\/978-3-642-18690-5_8"},{"key":"2025072819443106000_b9","unstructured":"Box, D.\n , Curbera, F., Hondo, M., Kale, C., Langworthy, D. and Nadalin, A.\u2008et al. (2003), Web Services Policy Framework (WS-Policy), available at: www.ibm.com\/developerworks\/library\/ws-policy\/index.html."},{"key":"2025072819443106000_b10","unstructured":"Box, D.\n , Ehnebuske, D., Kakivaya, G., Layman, A., Mendelsohn, N., Nielsen, H.F., Thatte, S. and Winer, D. (2000), Simple Object Access Protocol (SOAP) 1.1, available at: www.w3.org\/TR\/SOAP\/."},{"key":"2025072819443106000_b11","unstructured":"Christensen, E.\n , Curbera, F., Meredith, G. and Weerawarana, S. (2001), Web Services Description Language (WSDL) 1.1, available at: www.w3.org\/TR\/wsdl."},{"key":"2025072819443106000_b12","doi-asserted-by":"crossref","unstructured":"Damiani, E.\n , De Capitani Di Vimercati, S., Paraboschi, S. and Samarati, P. (2001), \u201cFine-grained access control for SOAP e-services\u201d, Proceedings of the 10th International World Wide Web Conference, Hongkong, 1-5 May.","DOI":"10.1145\/371920.372152"},{"key":"2025072819443106000_b13","unstructured":"Elsmari, R.A.\n and Navathe, S. (2000), Fundamentals of Database Systems, Addison-Wesley, Milano."},{"key":"2025072819443106000_b14","unstructured":"Foldoc\n (2003), Free, Online Dictionary of Computing, Supported by the Department of Computing Imperial College, available at: http:\/\/foldoc.doc.ic.ac.uk\/foldoc\/foldoc.cgi?query=assertion&action=Search."},{"issue":"2","key":"2025072819443106000_b15","doi-asserted-by":"crossref","DOI":"10.1147\/sj.412.0170","article-title":"Introduction to web services architecture","volume":"41","author":"Gottschalk","year":"2002","journal-title":"IBM Systems Journal"},{"key":"2025072819443106000_b16","unstructured":"Hallam-Baker, P.\n , Hodges, J., Maler, E., McLaren, C. and Irving, R. (2002), SAML 1.0 Specification, available at: www.oasis-open.org\/committees\/tc_home.php?wg_abbrev=security."},{"key":"2025072819443106000_b17","unstructured":"Imamura, T.\n , Dillaway, B., Eastlake, D., Reagle, J. and Simon, E. (2002), XML Encryption, available at: www.w3.org\/TR\/xmlenc-core\/."},{"issue":"2","key":"2025072819443106000_b18","doi-asserted-by":"crossref","first-page":"214","DOI":"10.1145\/383891.383894","article-title":"Flexible support for multiple access control policies","volume":"26","author":"Jajodia","year":"2001","journal-title":"ACM Transactions on Database Systems"},{"key":"2025072819443106000_b19","unstructured":"Lischka, M.\n and Wedde, H.F. (2003), \u201cComposing heterogenous access policies between organizations\u201d, Proceedings of the IADIS International Conference e-Society, Lisbon, 3-6 June."},{"key":"2025072819443106000_b20","unstructured":"Myer, T.\n (2003), Grid Computing: Conceptual Flyover for Developers, available at: www-106.ibm.com\/developerworks\/library\/gr-fly.html."},{"key":"2025072819443106000_b21","unstructured":"Samarati, P.\n (2002), \u201cEnriching access control to support credential-based specifications\u201d, paper presented at the Workshop-Credential-Based Access Control in Open, Interoperable IT-Systems, Dortmund, 2 October, available at: http:\/\/ls6-www.cs.uni-dortmund.de\/issi\/cred_ws\/."},{"key":"2025072819443106000_b22","doi-asserted-by":"crossref","unstructured":"Sandu, R.\n (1996), \u201cAccess control: the neglected frontier\u201d, Proceedings of the 1st Australian Conference on Information Security and Privacy, Wollongong, 23-26 June, pp. 23-36.","DOI":"10.1007\/BFb0023301"}],"container-title":["Information Management & Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685220510582656\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/ics\/article-pdf\/13\/1\/29\/1201634\/09685220510582656.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/www.emerald.com\/ics\/article-pdf\/13\/1\/29\/1201634\/09685220510582656.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,28]],"date-time":"2025-07-28T23:44:42Z","timestamp":1753746282000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.emerald.com\/ics\/article\/13\/1\/29\/176738\/An-access-control-framework-for-web-services"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2005,2,1]]},"references-count":22,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2005,2,1]]}},"URL":"https:\/\/doi.org\/10.1108\/09685220510582656","relation":{},"ISSN":["0968-5227","1758-5805"],"issn-type":[{"type":"print","value":"0968-5227"},{"type":"electronic","value":"1758-5805"}],"subject":[],"published":{"date-parts":[[2005,2,1]]}}}