{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T17:53:37Z","timestamp":1754157217629,"version":"3.41.2"},"reference-count":23,"publisher":"Emerald","issue":"1","license":[{"start":{"date-parts":[[2005,2,1]],"date-time":"2005-02-01T00:00:00Z","timestamp":1107216000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2005,2,1]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-heading\">Purpose<\/jats:title><jats:p>Provide a secure solution for web services (WS). A new interoperable and distributed access control for WS is presented.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Design\/methodology\/approach<\/jats:title><jats:p>Based on the separation of the access control (AC) and authorization function.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Findings<\/jats:title><jats:p>Mechanisms presented allow seamless integration of external authorization entities in the AC system. The Semantic Policy Language (SPL) developed facilitates specification of policies and semantic policy validation. SPL specifications are modular and can be composed without ambiguity. Also addressed was the problem of the association of policies to resources (WS or their operations) in a dynamic, flexible and automated way.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Research limitations\/implications<\/jats:title><jats:p>The ACProxy component is currently under development. Ongoing work is focused on achieving a richer \u201cuse control\u201d for some types of WS.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Practical implications<\/jats:title><jats:p>Administrators of WS can specify AC policies and validate them to find syntactic and semantic errors. Components for automated validation of policies at different levels are included. This ensures that the AC policies produce the desired effects, facilitating the creation and maintenance of policies. It also provides mechanisms for the use of interoperable authorizations.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Originality\/value<\/jats:title><jats:p>A practical system that provides a secure solution to AC for WS. To the best of one's knowledge, no other system provides mechanisms for semantic validation of policies based on external authorization entities. Likewise, the mechanisms for interoperability of external authorization entities are also novel. The system provides content\u2010based access control and a secure, decentralized and dynamic solution for authorization that facilitates the management of complex systems and enhances the overall security of the AC.<\/jats:p><\/jats:sec>","DOI":"10.1108\/10662240510577095","type":"journal-article","created":{"date-parts":[[2005,2,9]],"date-time":"2005-02-09T11:07:23Z","timestamp":1107947243000},"page":"99-116","source":"Crossref","is-referenced-by-count":12,"title":["A metadata\u2010based access control model for web services"],"prefix":"10.1108","volume":"15","author":[{"given":"Mariemma I.","family":"Yag\u00fce","sequence":"first","affiliation":[]},{"given":"Antonio","family":"Ma\u00f1a","sequence":"additional","affiliation":[]},{"given":"Javier","family":"Lopez","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"key":"key2022020119453339300_b1","unstructured":"Berners\u2010Lee, T. (2000), \u201cSemantic web\u201d, available at: www.w3.org\/2000\/Talks\/1206\u2010xml2k\u2010tbl\/Overview.html."},{"key":"key2022020119453339300_b2","doi-asserted-by":"crossref","unstructured":"Bertino, E., Castano, S. and Ferrari, E. (2002), \u201cSecuring XML documents with Author\u2010X\u201d, IEEE Internet Computing, Vol. 5 No. 3, pp. 21\u201031.","DOI":"10.1109\/4236.935172"},{"key":"key2022020119453339300_b3","doi-asserted-by":"crossref","unstructured":"Chadwick, D.W. (2002), \u201cAn X.509 Role\u2010based Privilege Management Infrastructure. Business Briefing\u201d, Global Infosecurity, available at: www.permis.org\/.","DOI":"10.1145\/507711.507732"},{"key":"key2022020119453339300_b4","doi-asserted-by":"crossref","unstructured":"Damiani, E., de Capitani di Vimercati, S., Paraboschi, S. and Samarati, P. (2002a), \u201cA fine\u2010grained access control system for XML documents\u201d, ACM Transactions on Information and System Security, Vol. 5 No. 2, pp. 169\u2010202.","DOI":"10.1145\/505586.505590"},{"key":"key2022020119453339300_b5","doi-asserted-by":"crossref","unstructured":"Damiani, E., de Capitani di Vimercati, S., Paraboschi, S. and Samarati, P. (2002b), \u201cSecuring SOAP E\u2010services\u201d, International Journal of Information Security, Vol. 1 No. 2, pp. 100\u201015.","DOI":"10.1007\/s102070100009"},{"key":"key2022020119453339300_b6","doi-asserted-by":"crossref","unstructured":"Dierks, T. and Allen, C. (1999), \u201cThe TLS Protocol Version 1.0. IETF RFC 2246\u201d, available at: www.ietf.org\/rfc\/rfc2246.txt.","DOI":"10.17487\/rfc2246"},{"key":"key2022020119453339300_b7","doi-asserted-by":"crossref","unstructured":"Diffie, W. and Hellman, M. (1976), \u201cNew directions in cryptography\u201d, IEEE Transactions on Information Theory, Vol. 22 No. 6, pp. 644\u201054.","DOI":"10.1109\/TIT.1976.1055638"},{"key":"key2022020119453339300_b8","unstructured":"ITU (1997), \u201cITU\u2010T Recommendation X.509, Information Technology \u2013 Open systems interconnection \u2013 The Directory: Authentication Framework\u201d, available at: www.itu.int\/rec\/recommendation.asp?type=folders&lang=e&parent=T\u2010REC\u2010X.509."},{"key":"key2022020119453339300_b9","unstructured":"ITU (2000), \u201cITU\u2010T Recommendation X.509: Information Technology \u2013 Open systems interconnection \u2013 The Directory: Public\u2010key and Attribute Certificate Frameworks\u201d available at: www.itu.int\/rec\/recommendation.asp?type=folders&lang=&parent=T\u2010REC\u2010X.509."},{"key":"key2022020119453339300_b10","doi-asserted-by":"crossref","unstructured":"Kudo, M. and Hada, S. (2000), \u201cXML document security based on provisional authorisation\u201d, Proceedings of the 7th ACM Conference on Computer and Communications Security, Athens, 1\u20104 November, ACM, New York, NY.","DOI":"10.1145\/352600.352613"},{"key":"key2022020119453339300_b11","unstructured":"Lopez, J., Ma\u00f1a, A., Pimentel, E., Troya, J.M. and Yag\u00fce, M.I. (2002), \u201cAn infrastructure for secure content distribution\u201d, Proceedings of the 4th International Conference on Information and Communications Security, LNCS 2513 series, Springer\u2010Verlag, Berlin."},{"key":"key2022020119453339300_b12","unstructured":"OASIS (2000), Universal Description, Discovery and Integration, available at: www.uddi.org\/specification.html."},{"key":"key2022020119453339300_b13","unstructured":"OASIS (2002), Web Services Security, available at: www.oasis\u2010open.org\/committees\/wss\/."},{"key":"key2022020119453339300_b14","unstructured":"OASIS (2003), XACML 1.1 Specification Set, available at: www.oasis\u2010open.org\/committees\/tc_home.php?wg_abbrev=xacml."},{"key":"key2022020119453339300_b16","doi-asserted-by":"crossref","unstructured":"Sandhu, R., Ferraiolo, D. and Kuhn, R. (2000), \u201cThe NIST model for role\u2010based access control: towards a unified standard\u201d, Proceedings of the 5th ACM Workshop on Role\u2010based Access Control, Berlin, 26\u201027 July, ACM, New York, NY, pp. 47\u201063.","DOI":"10.1145\/344287.344301"},{"key":"key2022020119453339300_b15","doi-asserted-by":"crossref","unstructured":"Sandhu, R.S., Coyne, E.J., Feinstein, H.L. and Youman, C.E. (1996), \u201cRole\u2010based access control models\u201d, IEEE Computer, Vol. 29 No. 2, pp. 38\u201047.","DOI":"10.1109\/2.485845"},{"key":"key2022020119453339300_b17","unstructured":"Sundsted, T. (2002), \u201cWith Liberty and single sign\u2010on for all. The Liberty Alliance Project seeks to solve the current online identity crisis\u201d, available at: www.javaworld.com\/javaworld\/jw\u201002\u20102002\/jw\u20100215\u2010liberty_p.html."},{"key":"key2022020119453339300_b18","unstructured":"Thompson, M. (1999), \u201cCertificate\u2010based access control for widely distributed resources\u201d, Proceedings of the 8th USENIX Security Symposium, 23\u201026 August, Washington, DC, pp. 215\u201027."},{"key":"key2022020119453339300_b19","unstructured":"W3C (2000), SOAP: Simple Object Access Protocol 1.1, available at: www.w3.org\/TR\/2000\/NOTE\u2010SOAP\u201020000508\/."},{"key":"key2022020119453339300_b20","unstructured":"W3C (2001), Web Services Description Language 1.1, available at: www.w3c.org\/TR\/wsdl."},{"key":"key2022020119453339300_b21","unstructured":"W3C (2002), Semantic Web Activity Statement, available at: www.w3.org\/2001\/sw\/Activity."},{"key":"key2022020119453339300_b22","unstructured":"Yag\u00fce, M.I. (2002), \u201cOn the suitability of existing access control and DRM languages for mobile policies\u201d, Technical Report, No. LCC\u2010ITI\u20102002\u201010, Department of Computer Science, University of M\u00e1laga, M\u00e1laga."},{"key":"key2022020119453339300_b23","unstructured":"Yag\u00fce, M.I. (2003), \u201cModelo basado en Metadatos para la Integraci\u00f3n Sem\u00e1ntica en Entornos Distribuidos. Aplicaci\u00f3n al Escenario de Control de Accesos\u201d, PhD dissertation, Computer Science Department, University of M\u00e1laga, M\u00e1laga."}],"container-title":["Internet Research"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/10662240510577095","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/10662240510577095\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/10662240510577095\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,24]],"date-time":"2025-07-24T23:40:03Z","timestamp":1753400403000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/intr\/article\/15\/1\/99-116\/177001"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2005,2,1]]},"references-count":23,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2005,2,1]]}},"alternative-id":["10.1108\/10662240510577095"],"URL":"https:\/\/doi.org\/10.1108\/10662240510577095","relation":{},"ISSN":["1066-2243"],"issn-type":[{"type":"print","value":"1066-2243"}],"subject":[],"published":{"date-parts":[[2005,2,1]]}}}