Web Services Enabled E-Market Access Control Model

With the dramatic expansion of global e-markets, companies collaborate more and more in order to streamline their supply chains. Companies often form coalitions to reach the critical mass required to bid on a large volume or a wide range of products. Meanwhile, they also compete with one another for market share. Because of the complex relationships among companies, controlling access to the shared information found in e-markets is a challenging task. Currently, there is a lack of a comprehensive access control approach that can be used to maintain data security in e-markets. We propose to integrate several known access control mechanisms, such as role-based access control, coalition-based access control, and relationship-driven access control, into an e-market access control (EMAC) model. In this paper, we present a web-services-based architecture for EMAC and the associated concepts and algorithms. We also illustrate, via an automotive e-market example, how the EMAC model can support e-market access control.
