Modeling permissions in a (U/X)ML world

In this paper we present a novel approach for the specification of access rights in a service oriented architecture. Being part of the SECTET framework for model driven security for B2B-workflows, our specification language SECTET-PL for permissions is influenced by the OCL specification language and is interpreted in the context of UML models. Concerning the technological side, SECTET-PL specifications are translated into platform independent XACML permissions interpreted by a security gateway.

[1]  Emil C. Lupu,et al.  The Ponder Policy Specification Language , 2001, POLICY.

[2]  Rudolf Schmid,et al.  Organization for the advancement of structured information standards , 2002 .

[3]  Ruth Breu,et al.  Modelling inter-organizational workflow security in a peer-to-peer environment , 2005, IEEE International Conference on Web Services (ICWS'05).

[4]  M. Breu,et al.  Model driven security for Web services (MDS4WS) , 2004, 8th International Multitopic Conference, 2004. Proceedings of INMIC 2004..

[5]  Elisa Bertino,et al.  Access Control in Dynamic XML-Based Web-Services with X-RBAC , 2003, ICWS.

[6]  Ruth Breu,et al.  Model based development of access policies , 2007, International Journal on Software Tools for Technology Transfer.

[7]  David A. Basin,et al.  SecureUML: A UML-Based Modeling Language for Model-Driven Security , 2002, UML.

[8]  Ruth Breu,et al.  Model Driven Security for Inter-organizational Workflows in e-Government , 2005, TCGOV.

[9]  Ruth Breu,et al.  Web Service Engineering - Advancing a New Software Engineering Discipline , 2005, ICWE.

[10]  Ruth Breu,et al.  Actor-Centric Modeling of User Rights , 2004, FASE.

[11]  Mario Piattini,et al.  Towards an integration of Security Requirements into Business Process Modeling , 2005, WOSIS.

[12]  Martin Gogolla,et al.  Specification and Validation of Authorisation Constraints Using UML and OCL , 2005, ESORICS.

[13]  Emil C. Lupu,et al.  Conflicts in Policy-Based Distributed Systems Management , 1999, IEEE Trans. Software Eng..