A metadata-based access control model for web services

One of the most relevant advantages of Web Services (WS) is their simplicity of access on the Internet. However, this feature also makes them vulnerable to a series of security threats. Additionally, the application of WS to many interesting problems is currently hindered by the lack of mechanisms that provide, among others, adequate access control functionalities for this scenario. In fact, access control and authorization are critical because of the specific characteristics of WS. When considering the requirements of this scenario we must highlight not only flexibility of the access control system for dissimilar security policies, but also the control over a large number of elements and the distributed nature of these ones. Other important issues are dynamism of the WS environment, and interoperability of authorization mechanisms for the integration of multiple WS from various sources. The present work introduces an access control model for WS that addresses all previous issues. The model is built on the basis of separation of the authorization and access control management responsibilities. We introduce mechanisms for the semantic integration of an external Privilege Management Infrastructure (PMI) and present the Semantic Policy Language (SPL) for the description of access criteria based on attribute certificates.