Abstract:
Security issues are one of the major deterrents to Web Services adoption
in mission-critical applications and to the realization of the dynamic
e-Business vision of Service Oriented Computing. Role Based Access Control
(RBAC) is a common approach for authorization as it greatly simplifies complex
authorization procedures in enterprise information systems. However,
most RBAC implementations rely on the manual setup of pre-defined user-ID
and password combinations to identify the particular user, which makes it very
hard to conduct dynamic e-Business, as the service requestor and service provider
must have prior knowledge of each other before the transaction. This paper
proposes a new Web Services security architecture which unifies the authorization
and authentication processes by extending current digital certificate
technologies. It enables secure Web Service authorization decisions between
parties even if previously unknown to each other and it also enhances the trustworthiness
of service discovery.