Web Service Authorization framework

Web Services represent an important technology for distributed applications and will replace various other technologies for distributed application development soon. A lot of problems of the early days of Web Services are solved now. However, for authorization no appropriate solution is available and ready to use. We define requirements for authorization of Web Services and investigate existing authorization solutions concerning these requirements. Based on existing authorization solutions and the defined requirements, a Web Service Authorization framework is developed. We describe concepts and the design of the proposed framework and give an, overview of selected implementation aspects (e.g. authorization data access, descriptive deployment). The framework emphasizes easy deployment of Web Service authorization and is ready to use. Practical experience using the framework concludes the paper.