Authorization Service for Web Services

by David H
The article that I found this week discusses the design issues for an authorization framework for Web Services. The author also emphasizes the features that are required of an authorization policy language for Web Services. In the design for authorization, the author points out some fundamental issues that we need to take into consideration. The first step is to choose the types of information that are used in the decision-making process. They range from static and generic information to specific information and then to dynamic and specific information. This range depends on system state. The second step is to consider the classes of authorization policies that need to be supported in Web Services architectures. These range from identity based to role based to delegation to joint action and then to dynamic separation of duty. Depending on the type of information, there can be different places where checks need to be performed by different authorities. For policy language features, the author mentions that using XML technology with its own namespace and schemas will help in the heterogeneous environment of Web Services. For standard specifications, the author mentions that XML has encryption and signature.
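To make the policy classes summarized above concrete, here is an added example (not code from the article or from this post) of one decision function that applies an identity-based check, a role-based check, and a dynamic separation-of-duty check that depends on system state. The operations, user names, tables and the `decide` function are all constructed for illustration, and delegation and joint action are not covered.

```python
from dataclasses import dataclass, field

# All names and tables below are constructed for illustration.
IDENTITY_ACL = {"view_audit_log": {"alice"}}                        # identity based
ROLE_PERMS = {"doctor": {"prescribe"}, "pharmacist": {"dispense"}}  # role based
CONFLICTS = {"prescribe": "dispense", "dispense": "prescribe"}      # dynamic SoD pairs


@dataclass(frozen=True)
class Request:
    user: str          # static, generic information
    roles: frozenset   # static information assigned to the user
    operation: str
    record_id: str     # specific information about the target object


@dataclass
class SystemState:
    # Dynamic information: (record_id, operation) -> users who already did it.
    history: dict = field(default_factory=dict)


def decide(req: Request, state: SystemState) -> tuple:
    """Return (permitted, reason); record the action only when permitted."""
    if req.operation in IDENTITY_ACL:
        if req.user not in IDENTITY_ACL[req.operation]:
            return False, "identity"
    elif not any(req.operation in ROLE_PERMS.get(r, ()) for r in req.roles):
        return False, "role"
    # Dynamic separation of duty: holding both roles is allowed, but the same
    # user may not perform both conflicting operations on the same record.
    other = CONFLICTS.get(req.operation)
    if other and req.user in state.history.get((req.record_id, other), set()):
        return False, "dynamic separation of duty"
    state.history.setdefault((req.record_id, req.operation), set()).add(req.user)
    return True, "permit"


if __name__ == "__main__":
    state = SystemState()
    both = frozenset({"doctor", "pharmacist"})
    print(decide(Request("bob", both, "prescribe", "rx-1"), state))
    print(decide(Request("bob", both, "dispense", "rx-1"), state))
    print(decide(Request("bob", both, "dispense", "rx-2"), state))
```

The same user with the same roles gets a different answer for `rx-1` and `rx-2`, which is why the dynamic check has to be made where the current system state is available.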

I think this article relates to class because in class we have been discussing authentication and Session in ASP.NET. As we discussed in class, the authorization service is provided by Microsoft .NET. From this article, I have learned that the type of information is crucial in designing a distributed authorization service for Web Services. We need to take it deeply into consideration, so that when we design the web it won’t mess up. The other thing that I have learned from this article is policy language.

Reference

Indrakanti, S., Varadharajan, V., & Hitchens, M. (2005). Authorization service for web services and its application in a health care domain. International Journal of Web Services Research, 2(4), 94-119.