Action-Based Access Control for Web Services

Web services over the Internet are widely used nowadays, so secure access to Web-based systems is of great importance. Compared with the existing models, the Action-Based Access Control (ABAC) model is the most suitable for controlling access to Web services. In this paper, the ABAC model is introduced. Then, the security architecture of ABAC for Web services is proposed. In the architecture, the Action server manages the action information, the Domain server determines the security rank of the requested resources, and the Resource server, which stores the resources with different security ranks, responds to the request from the user. The cookie is extended with security properties.
