Policy Conflict Detection in Composite Web Services with RBAC

In the Web services environment, the RBAC (role-based access control) model is widely accepted as an efficient approach to managing access control. By defining the authorization relationship between subject roles and object roles in RBAC, authorization policies simplify authorization management across different Web services. However, the scalability and complexity of composite Web services may cause authorization policy conflicts. A new authorization policy added to the system may conflict with existing ones, resulting in authorization chaos and authorization leakage. In composite Web services, detecting policy conflicts by manual checking is costly, which makes automatic policy conflict detection important for ensuring the security of authorizations. This paper analyzes the features of authorization policies in CWS-RBAC (RBAC for composite Web services) and presents methods for detecting policy conflicts, including subject role propagation conflict, object role composition conflict and context conflict. An experiment is designed to validate the efficiency of each conflict detection method.
