Role-Based Access Control for Model-Driven Web Applications

The Role-Based Access Control (RBAC) model provides a safe and efficient way to manage access to an organization's information, while reducing the complexity and cost of security administration in large networked applications. However, Web Engineering frameworks that treat access control models as first-class citizens are still lacking. In this paper, we integrate the RBAC model into the design method of Semantic Web applications. More specifically, this work presents an extension of SHDM (Semantic Hypermedia Design Method), a model-driven approach to designing Web applications for the Semantic Web, in which access control models are included and seamlessly integrated with the method's other models. The proposed model allows the specification of semantic access control policies. This extension was implemented in Synth, an application development environment that supports designs using SHDM.
