An Attribute-Based Access Control Model for Web Services

Web services are a new service-oriented computing paradigm that poses unique security challenges due to its inherent heterogeneity, multi-domain character and highly dynamic nature. A key challenge in Web services security is the design of effective access control schemes. However, most current access control systems base authorization decisions on the subject's identity. Administrative scalability and control granularity are serious problems in those systems, and they are not suited to the Web services environment. This paper presents an attribute-based access control model (WS-ABAC) to address these issues. WS-ABAC grants access to services based on attributes of the related entities, and uses an automated trust negotiation mechanism to address the disclosure of sensitive attributes. It provides an administratively scalable alternative to identity-based authorization methods and fine-grained access control for Web services. Moreover, it can also protect the user's privacy.
