An adaptive access control model for Web services

被引:11
作者
Bertino, Elisa [1 ]
Squicciarini, Anna C.
Martino, Lorenzo
Paci, Federica
机构
[1] Purdue Univ, W Lafayette, IN 47907 USA
[2] Univ Milan, I-20122 Milan, Italy
关键词
access control; authorization; security; trust negotiation; WSDL;
D O I
10.4018/jwsr.2006070102
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
This paper presents an innovative access control model, referred to as Web service Access Control Version 1 (Ws-AC1), specifically tailored to Web services. The most distinguishing features of this model are the flexible granularity in protection objects and negotiation capabilities. Under Ws-AC1, an authorization can be associated with a single service and can speck for which parameter values the service can be authorized for use, thus providing a fine access control granularity. Ws-AC1 also supports coarse granularities in protection objects in that it provides the notion of service class under which several services can be grouped. Authorizations can then be associated with a service class and automatically propagated to each element in the class. The negotiation capabilities of Ws-AC1 are related to the negotiation of identity attributes and the service parameters. Identity attributes refer to information that a party requesting a service may need to submit in order to obtain the service. The access control policy model of Ws-AC1 supports the specification of policies in which conditions are stated, specifying the identity attributes to be provided and constraints on their values. In addition, conditions may also be specified against context parameters, such as time. To enhance privacy and security, the actual submission of these identity attributes is executed through a negotiation process. Parameters may also be negotiated when a subject requires use of a service with certain parameters values that, however, are not authorized under the policies in place. In this paper, we provide the formal definitions underlying our model and the relevant algorithms, such as the access control algorithm. We also present an encoding of our model in the Web Services Description Language (WSDL) standard for which we develop an extension, required to support Ws-AC1.
引用
收藏
页码:27 / 60
页数:34
相关论文
共 23 条
[1]  
[Anonymous], OASIS EXTENSIBLE ACC
[2]  
[Anonymous], ACM T INFORM SYST, DOI DOI 10.1145/605434.605435
[3]  
ARDAGNA C, 1908, P 1 INT WORKSH VIEWS, P25
[4]  
ARDAGNA C, 2004, P 1 INT WORKSH VIEWS, P25
[5]   An access control system for a web map management service [J].
Bertino, E ;
Damiani, ML ;
Momini, D .
14TH INTERNATIONAL WORKSHOP ON RESEARCH ISSUES ON DATA ENGINEERING: WEB SERVICES FOR E-COMMERCE AND E-GOVERNMENT APPLICATIONS, PROCEEDINGS, 2004, :33-39
[6]   X-TNL:: An XML-based language for trust negotiations [J].
Bertino, E ;
Ferrari, E ;
Squicciarini, A .
IEEE 4TH INTERNATIONAL WORKSHOP ON POLICIES FOR DISTRIBUTED SYSTEMS AND NETWORKS, PROCEEDINGS, 2003, :81-84
[7]  
BERTINO E, 2005, IN PRESS WORLD WIDE
[8]  
BERTINO E, 2005, UNPUB WORLD WIDE WEB
[9]  
Damianou N, 2001, LECT NOTES COMPUT SC, V1995, P18
[10]  
Gavriloaie R, 2004, LECT NOTES COMPUT SC, V3053, P342