Cited By
View all- Faravelon AChollet S(2013)Access Control in Service CompositionsService-Driven Approaches to Architecture and Enterprise Integration10.4018/978-1-4666-4193-8.ch007(165-187)Online publication date: 2013
An efficient access control based on role attributes in service oriented environments
Article No.: 73, Pages 1 - 7
Abstract
There are difficulties in applying role-based dynamic delegation to Web services. This is because XACML, which is a standard language for describing the access policies of Web services, does not support the dynamic delegation between roles in different domains. We propose role attributes to specify the characteristics of roles in different domains to support role-based dynamic delegation in a Web services system, which services in different administrative domains work together. The proposed method enables the dynamic delegation in a service-oriented system based on the proposed role attributes. Experimental results show that the proposed method performs better than previous methods, resulting in enhancing an authorization rate about 32 percent on average.
References
[1]
World Wide Web Consortium, Web services (2002), http://www.w3.org/2002/ws.
[2]
The Open Group, Service-Oriented Architecture (2006), http://opengroup.org/projects/soa/doc.tpl?gdid=10632.
[3]
Ferraiolo D. F., Cugini J. A., and Kuhn D. R. Role-Based Access Control (RBAC): Features and Motivations. in Proc. 11th Annual Computer Security Applications, pages. 241--248, 1995.
[4]
Chadwick D. W., in Securing Web Services: Practical Usage of Standards and Specifications. ed. Periorellis (IGI Global, United States, 2008,) pages. 112--138, 2008.
[5]
Tolone W., Ahn G. J., Pai T., and Hong S. P. Access Control in Collaborative Systems, ACM Computing Surveys 37, pages. 29--41, 2005.
[6]
Organization for the Advancement of Structured Information Standards, Security Assertion Markup Language (SAML) (2010), http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security.
[7]
Organization for the Advancement of Structured Information Standards, Profiles for the OASIS Security Assertion Markup Language (SAML) (2005), http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf.
[8]
Organization for the Advancement of Structured Information Standards, XACML 2.0 Core: eXtensible Access Control Markup Language (XACML) (2005), http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf.
[9]
Organization for the Advancement of Structured Information Standards, Core and hierarchical role based access control (RBAC) profile of XACML v2.0 (2005), http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-rbac-profile1-spec-os.pdf.
[10]
Chadwick W., Otenko S., and Nguyen T. A. Adding support to XACML for multi-domain user to user dynamic delegation of authority, International Journal Information Security 8, Vol. 8, Issue. 2, pages. 137--152, 2009.
[11]
Wang X., and Bayrak C. Injecting a Permission-based Delegation Model to Secure Web-based Workflow Systems, in Proc. IEEE International Conference on Intelligence and Security Informatics, pages. 101--106, 2009.
[12]
Lijun G., Lu Z., Zhiyong Z., and Lei X. The Role-Based Delegation Model with Time-Constraint and Transmission-Limitation, in Proc. International Conference on Signal Processing Systems, pages. 398--401, 2009.
[13]
Shang Q., and Wang X. Constraints for Permission-Based Delegations, in Proc. IEEE 8th International Conference on Computer and Information Technology, pages. 216--223, 2008.
[14]
Crampton J., and Khambhammettu H. Delegation in role-based access control, 11TH European Symposium on Research in Computer Security (ESORICS), pages. 123--136, 2007.
[15]
Ben-Ghorbel-Talbi M., Cuppens F., Cuppens-Boulahia N., and Bouhoula A. Revocation Schemes for Delegation Licenses, in Proc. 10th International Conference on Information and Communications Security, pages. 190--205, 2008.
Index Terms
- An efficient access control based on role attributes in service oriented environments
Recommendations
A network access control approach based on the AAA architecture and authorization attributes
Network access control mechanisms constitute an increasingly needed service, when communications are becoming more and more ubiquitous thanks to some technologies such as wireless networks or Mobile IP. This paper presents a particular scenario where ...
Domain Administration of Task-role Based Access Control for Process Collaboration Environments
IAS '09: Proceedings of the 2009 Fifth International Conference on Information Assurance and Security - Volume 01The fast evolving workflow technologies facilitate organizations to interact and cooperate with each other to achieve their business goals by process collaborations. Task-role based access control is an important security mechanism to protect data and ...
A role-based XACML administration and delegation profile and its enforcement architecture
SWS '09: Proceedings of the 2009 ACM workshop on Secure web servicesThe OASIS technical committee published the XACML v3.0 administration and delegation profile (XACML-Admin) working draft on 16 April 2009 [3] in order to provide policy administration and dynamic delegation services to the XACML runtime. We enhance this ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
February 2012
852 pages
ISBN:9781450311724
DOI:10.1145/2184751
- Conference Chairs:
- Suk-Han Lee,
- Lajos Hanzo,
- Roslan Ismail,
- Program Chairs:
- Dongsoo S. Kim,
- Min Young Chung,
- Sang-Won Lee
Copyright © 2012 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
- SIGAPP: ACM Special Interest Group on Applied Computing
- SKKU: SUNGKYUNKWAN UNIVERSITY
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 20 February 2012
Check for updates
Author Tags
Qualifiers
- Research-article
Funding Sources
Conference
ICUIMC '12
Sponsor:
- SIGAPP
- SKKU
ICUIMC '12: The 6th International Conference on Ubiquitous Information Management and Communication
February 20 - 22, 2012
Kuala Lumpur, Malaysia
Acceptance Rates
Overall Acceptance Rate 251 of 941 submissions, 27%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 135Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 04 Oct 2024
Other Metrics
Citations
Cited By
View all- Faravelon AChollet S(2013)Access Control in Service CompositionsService-Driven Approaches to Architecture and Enterprise Integration10.4018/978-1-4666-4193-8.ch007(165-187)Online publication date: 2013
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in