Secured Web Services Based on Extended Usage Control

摘要

With the worldwide dissemination of Internet, Web Service has become a promising paradigm of ubiquitous computing. However, one major stumbling block of using Web Service in ubiquitous environment is the lack of security enforcement. In this paper, we introduce a systematic approach to enhance Web Service with the access control, user authentication, and session management. Delegation of access right among distributed security manager has been added to the Usage Control model and formal description of access control model is defined. A set of Web service operations is devised for procedural implementation of the security model. Using the proposed operations we show how SSO (Single Sign On) can be realized in ubiquitous computing environments.