A web service can be composed of multiple component web services in a loosely coupled environment. Traditional Role Based Access Control (RBAC) is inadequate for the authorization management of composite services because it does not take the administration of the component web services into consideration. In this paper, we propose a novel conceptual model, named Service Oriented Authorization Control (SOAC), to facilitate administration and management for both service consumers and component web services. A set of administrative functions is also provided for managing the elements of SOAC. This research will be the first step towards managing service-oriented authorization.
Copyright 2010 IEEE. Reprinted from 2010 IEEE International Conference on Services Computing : proceedings, Miami, Florida, USA, 5-10 July 2010. This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of Macquarie University’s products or services. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to email@example.com. By choosing to view this document, you agree to all provisions of the copyright laws protecting it.