Using SAML and XACML for Web Service Security&Privacy

Using SAML and XACML for Web Service Security&Privacy

Tuncay Namli (Middle East Technical University, Turkey) and Asuman Dogac (Middle East Technical University, Turkey)
DOI: 10.4018/978-1-59904-639-6.ch008

Abstract

Web service technology changes the way of conducting business by opening their services to the whole business world over the networks. This property of Web services makes the security and privacy issues more important since the access to the services becomes easier. Many Web service standards are emerging to make Web services secure and privacy protected. This chapter discusses two of them; SAML (OASIS, 2005) and XACML (OASIS, 2005). SAML is an XML-based framework for communicating user authentication, entitlement, and attribute information. In other words, SAML handles the user authentication and also carries attribute information for authorization (access control). XACML is the complementary standard of OASIS to make the access control decisions. This work is realized within the scope of the IST 027074 SAPHIRE Project which is an intelligent healthcare monitoring and decision support system.

Complete Chapter List

Search this Book:
Reset