What is Service Access Control (SAC)?

Security aspects are an integral part of any real-world service network, as most measures that aim at achieving a certain level of security have, at least to some extent, effects on applications and their interactions. Providing an overall model and architecture for every aspect of security is out of the scope of the presented work, as many security measures in a service network depend on the service and the service network topology. Specific threats also require specific countermeasures, which in most cases cannot be handled on an abstract architectural level alone.

As a consequence, the specifications developed in the SANY project focus on those concepts that can be defined independently of the underlying, case-specific security requirements. The main focus lies on flexible service access control, which describes a general approach for regulating arbitrary access to resources through a service interface.

In this context, access control (SAC, when applied in a service-oriented architecture) is understood as the ability to permit or deny the use of a particular resource by a particular entity. In general, access control mechanisms ensure that only authorized entities may access resources, using well-defined methods that comply with the security policy of the system. SAC thus manages the authorized use of a resource. In contrast, information system security is the embracing concept that includes access control as well as cryptographic measures (encryption, signatures) to satisfy security requirements such as integrity and confidentiality, or to counter potential attacks or threats. Access control is only one building block of information system security.