A Role-Based Authorization Model for Service-Oriented Architecture

Service-oriented architecture (SOA) is widely recognized as an especially effective solution for integrating loosely coupled and distributed resources. One of the major challenges in developing SOAbased applications is the management of authorization requirements in distributed environments. This paper proposes a formal authorization model based on a role-based access control model to demonstrate the approach for authorizing service requesters, to access a particular service and information under specific permissions in an SOA. The proposed model defines the authorization relationships and constraints among users (service requesters), roles, permissions, and services according to first-order logic and set theory. Furthermore, role hierarchy and service hierarchy are discussed to fulfill the requirements for authorization hierarchy. Finally, we use a health care system developed in a service-based architecture to demonstrate the utility of the concepts of the proposed authorization model.