A Framework for Modeling Restricted Delegation in Service Oriented Architecture

We present a novel approach for modeling restricted delegation of rights in a distributed environment based on web services. Our approach is based on SECTET-PL [5], a predicative language for modeling access rights based on the concept of Role Based Access Control (RBAC). SECTET-PL is part of the SECTET framework for model-driven security for B2B workflows. Our Rights Delegation Model combines the concept of roles from RBAC with the predicative specification of SECTET-PL. The Rights Delegation Models are translated into XACML Delegation Policies, which are interpreted by a security gateway.
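To make the abstract's core idea concrete, the following is an added toy model of restricted delegation layered on RBAC; it is not the paper's SECTET-PL notation, its XACML output, or the SECTET gateway, and all names (Gateway, Delegation, the purchase-order scenario) are assumptions. A role grants (action, resource) rights; a delegation passes a subset of the delegator's effective rights to a delegate, guarded by a predicate over the request context and bounded by a re-delegation depth; the gateway decides each request from the resulting effective rights, so a delegate can never hand on more than it actually holds.

```python
"""Added illustration of restricted delegation on top of RBAC.

Constructed toy model (not the paper's SECTET-PL or its XACML policies):
- a role grants a set of (action, resource) rights;
- a user holds the rights of the roles assigned to them;
- a delegation hands a subset of the delegator's *effective* rights to a
  delegate, guarded by a predicate over the request context and bounded by
  how many further hops the delegate may re-delegate;
- a gateway decides each request from the resulting effective rights.
"""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Set, Tuple

Right = Tuple[str, str]                 # (action, resource)
Predicate = Callable[[dict], bool]      # restriction evaluated on the request context
UNBOUNDED = 10**6                       # re-delegation depth for rights held directly via a role


@dataclass(frozen=True)
class Delegation:
    delegator: str
    delegate: str
    rights: FrozenSet[Right]
    predicate: Predicate
    max_depth: int          # 0 = delegate may use the rights but not pass them on


class Gateway:
    """Decision point that evaluates roles plus delegation chains (assumed design)."""

    def __init__(self) -> None:
        self.role_rights: Dict[str, Set[Right]] = {}
        self.user_roles: Dict[str, Set[str]] = {}
        self.delegations: List[Delegation] = []

    def grant(self, role: str, right: Right) -> None:
        self.role_rights.setdefault(role, set()).add(right)

    def assign(self, user: str, role: str) -> None:
        self.user_roles.setdefault(user, set()).add(role)

    def delegate(self, d: Delegation) -> None:
        self.delegations.append(d)

    def direct_rights(self, user: str) -> Set[Right]:
        """Rights obtained from the user's roles alone (plain RBAC)."""
        return set().union(*(self.role_rights.get(r, set())
                             for r in self.user_roles.get(user, set())))

    def effective_rights(self, user: str, ctx: dict,
                         _chain: Tuple[str, ...] = ()) -> Dict[Right, int]:
        """Map each right the user holds in this context to its remaining re-delegation depth."""
        rights: Dict[Right, int] = {r: UNBOUNDED for r in self.direct_rights(user)}
        for d in self.delegations:
            # Only delegations to this user whose restriction holds; skip delegation cycles.
            if d.delegate != user or d.delegator in _chain or not d.predicate(ctx):
                continue
            upstream = self.effective_rights(d.delegator, ctx, _chain + (user,))
            for right in d.rights:
                remaining = upstream.get(right)
                # Restricted delegation: the delegator must hold the right *and*
                # still be allowed to pass it on; anything else is dropped.
                if remaining is None or remaining < 1:
                    continue
                depth = min(d.max_depth, remaining - 1)
                rights[right] = max(rights.get(right, -1), depth)
        return rights

    def authorize(self, user: str, action: str, resource: str, ctx: dict) -> bool:
        return (action, resource) in self.effective_rights(user, ctx)


def build_demo() -> Gateway:
    """Constructed scenario: a manager delegates bounded approval rights to a clerk."""
    gw = Gateway()
    gw.grant("manager", ("approve", "purchase_order"))
    gw.grant("manager", ("read", "purchase_order"))
    gw.grant("clerk", ("read", "purchase_order"))
    gw.assign("alice", "manager")
    gw.assign("bob", "clerk")
    gw.assign("carol", "clerk")
    # alice -> bob: approval only for small orders, and bob may not re-delegate.
    gw.delegate(Delegation("alice", "bob", frozenset({("approve", "purchase_order")}),
                           lambda ctx: ctx.get("amount", 0) <= 5000, max_depth=0))
    # bob -> carol exceeds what bob holds (depth 0; 'delete' never granted), so it yields nothing.
    gw.delegate(Delegation("bob", "carol",
                           frozenset({("approve", "purchase_order"), ("delete", "purchase_order")}),
                           lambda ctx: True, max_depth=0))
    return gw


if __name__ == "__main__":
    gw = build_demo()
    for user, amount in (("alice", 9000), ("bob", 4000), ("bob", 9000), ("carol", 4000)):
        print(user, amount, gw.authorize(user, "approve", "purchase_order", {"amount": amount}))
```

Evaluating effective rights per request (rather than materialising them at delegation time) is what lets the context predicate act as a restriction in the spirit of a predicative specification: the same delegation is valid for one request and invalid for the next, and the depth bound prevents a delegate from re-issuing rights the policy meant to stop at them.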

[1] J. Feigenbaum et al. The KeyNote trust management system version 2. IETF RFC 2704, 1999.

[2] Jun Wang et al. Extending the security assertion markup language to support delegation for Web services and grid services. IEEE International Conference on Web Services (ICWS'05), 2005.

[3] Ruth Breu et al. Modeling Authorization in an SOA based Application Scenario. IASTED Conf. on Software Engineering, 2006.

[4] Ruth Breu et al. Web Service Engineering - Advancing a New Software Engineering Discipline. ICWE, 2005.

[5] Ruth Breu et al. Actor-Centric Modeling of User Rights. FASE, 2004.

[6] Anna van Raaphorst. OASIS (Organization for the Advancement of Structured Information Standards), 2006.

[7] Sung Je Hong et al. Workflow-Based Authorization Service in the Grid. Journal of Grid Computing, 2004.

[8] Athena Vakali et al. XML-Based Revocation and Delegation in a Distributed Environment. EDBT Workshops, 2004.

[9] BongNam Noh et al. A New Role-Based Delegation Model Using Sub-role Hierarchies. ISCIS, 2003.

[10] Ruth Breu et al. Model Driven Security for Inter-organizational Workflows in e-Government. TCGOV, 2005.

[11] Ninghui Li et al. RT: a Role-based Trust-management framework. Proceedings DARPA Information Survivability Conference and Exposition, 2003.

[12] Gang Yin et al. Trust Management with Safe Privilege Propagation. APPT, 2005.

[13] M. Breu et al. Model driven security for Web services (MDS4WS). Proceedings of the 8th International Multitopic Conference (INMIC 2004), 2004.

[14] Axel Uhl et al. Model-Driven Architecture. OOIS Workshops, 2002.

[15] Ruth Breu et al. A Security Architecture for Inter-Organizational Workflows: Putting Security Standards for Web Services Together. ICEIS, 2005.

[16] Jin Tong et al. Attributed based access control (ABAC) for Web services. IEEE International Conference on Web Services (ICWS'05), 2005.

[17] Ruth Breu et al. Modelling inter-organizational workflow security in a peer-to-peer environment. IEEE International Conference on Web Services (ICWS'05), 2005.

[18] Joan Feigenbaum et al. The KeyNote Trust-Management System, 1998.

[19] Ruth Breu et al. Modelling inter-organizational workflow security in a peer-to-peer environment. IEEE International Conference on Web Services (ICWS'05), 2005.

[20] Ruth Breu et al. Modeling permissions in a (U/X)ML world. First International Conference on Availability, Reliability and Security (ARES'06), 2006.

[21] Chen Li et al. Using Trust for Restricted Delegation in Grid Environments. ISPEC, 2005.