Study on Attribute-Based Access Control for Web Services

Web services are a new service-oriented computing paradigm that poses unique security challenges due to its inherent heterogeneity, multi-domain character and highly dynamic nature. A key challenge in Web services security is the design of effective access control schemes. However, most current access control systems base authorization decisions on subject identity, which incurs serious administrative scalability and control granularity problems. In this paper, an attribute-based access control (ABAC) model is presented to address these issues. ABAC grants access to services based on the attributes possessed by the related entities, and can provide an administratively scalable alternative to identity-based authorization methods as well as fine-grained access control for Web services. Moreover, we develop a pattern for ABAC, discuss its application issues, and finally describe the implementation architecture for the system.