In this paper, we introduce the authorization issues for Web Services. We introduce the authorization service provided by Microsoft/spl reg/ .NET MyServices and then briefly describe our proposed modifications and extensions to the authorization service. We discuss the application of the extended authorization model to a healthcare system built using Web Services. We used the XML access control language (XACL) to specify policies in XML and control access to the patient records stored in XML format. We then evaluated the suitability of XACL as an authorization policy language for Web Services.
Copyright 2004 IEEE. Reprinted from Proceedings of the IEEE International Conference on Web Services (ICWS'04), June 6-9, 2004, San Diego, California, USA. IEEE Computer Society 2004. This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of Macquarie University’s products or services. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to email@example.com. By choosing to view this document, you agree to all provisions of the copyright laws protecting it.