3PAC: Third Party Access Control for Web Services

Web Services fail to deliver on the promise of ubiquitous deployment and seamless interoperability due to the lack of a uniform, standards-based approach to all aspects of security. In particular, the enforcement of access policies in a Service Oriented Architecture is not addressed adequately. We present a novel approach to the distribution and enforcement of credentials-based access policies for Web Services (3PAC) which scales well and can be implemented in existing deployments.