论文信息 - An Authorization Model without Central Authority for Service Collaboration

An Authorization Model without Central Authority for Service Collaboration

In the service-oriented computing, a single transaction initiated by a client might invoke many different services in other administrative domains. Existing models for authorizing the access assume that all services involved in collaboration are managed by the central authority, which is not always a realistic premise. In this paper, we propose a novel authorization model for dynamic service collaboration. With the authorization discovery process, the client can discover the needed authorization for service access available in other autonomous domains. With extensions to SoD relationship, the conflicts of client interests can be formalized and expressed as constraints. The authorization problems are formalized to choose the optimal access path for each task. At last, the example and experiments show the practicality and the effectiveness of our scheme.

Chuang Lin | Xiaowen Chu | Yixin Jiang | Ran Yang

[1] Bogdan Carbunar,et al. Efficient access enforcement in distributed role-based access control (RBAC) deployments , 2009, SACMAT '09.

[2] Jayant Madhavan,et al. Composing Mappings Among Data Sources , 2003, VLDB.

[3] Jorge Lobo,et al. Policy decomposition for collaborative access control , 2008, SACMAT '08.

[4] Elisa Bertino,et al. SERAT: SEcure role mApping technique for decentralized secure interoperability , 2005, SACMAT '05.

[5] Ravi S. Sandhu,et al. Role-Based Access Control Models , 1996, Computer.

[6] Sandro Etalle,et al. RBAC administration in distributed systems , 2007, SACMAT '08.

[7] Trent Jaeger,et al. An architecture for enforcing end-to-end access control over web applications , 2010, SACMAT '10.

[8] Barbara Carminati,et al. Privacy-Aware Collaborative Access Control in Web-Based Social Networks , 2008, DBSec.

[9] Elisa Bertino,et al. Workflow authorisation in mediator-free environments , 2006, Int. J. Secur. Networks.

[10] Xiaowen Chu,et al. Homonymous role in role-based discretionary access control , 2009 .

[11] Elisa Bertino,et al. Access control management in a distributed environment supporting dynamic collaboration , 2005, DIM '05.