论文信息 - Study on Action and Attribute-Based Access Control Model for Web Services

Study on Action and Attribute-Based Access Control Model for Web Services

For the fact that traditional Access Control models are mostly static, coarsely grained, and not well suited for solving the application in the security of web services. This paper extends access control models by introducing actions based on attribute-based access control. The model avoids the complex structure of multi-attribute and solves the problem that relevant dynamic authorization and permission changes. This paper structures the model by using SAML and XACML. The implementation of this model is given through examples.

Linlan Liu | Jian Shu | Bing Xia | Lianghong Shi

[1] Shih-Chien Chou,et al. An extended XACML model to ensure secure information access for web services , 2010, J. Syst. Softw..

[2] George Hsieh,et al. Supporting Secure Embedded Access Control Policy with XACML+XML Security , 2010, 2010 5th International Conference on Future Information Technology.

[3] Ernesto Damiani,et al. Fine grained access control for SOAP E-services , 2001, WWW '01.

[4] Li Xiao-feng. Model for attribute based access control , 2008 .

[5] Anura Gurugé. Web Services: Theory and Practice , 2004 .

[6] Ravi S. Sandhu,et al. The NIST model for role-based access control: towards a unified standard , 2000, RBAC '00.

[7] Jin Tong,et al. Attributed based access control (ABAC) for Web services , 2005, IEEE International Conference on Web Services (ICWS'05).

[8] Tim Moses,et al. EXtensible Access Control Markup Language (XACML) version 1 , 2003 .

[9] Shen Hai. Study on Attribute-Based Access Control for Web Services , 2006 .

[10] Andreas Matheus,et al. How to Declare Access Control Policies for XML Structured Information Objects using OASIS' eXtensible Access Control Markup Language (XACML) , 2005, Proceedings of the 38th Annual Hawaii International Conference on System Sciences.