Model-driven Development of Access Control Policies for Web Services
نویسندگان
چکیده
Web service-oriented architecture (WSOA) is a promising paradigm for future software development. Necessary identity management (IdM) architectures for WSOA are just being prepared to enable fine-grained access control. With the loose coupling of Web services with crosscutting identity services the question arises how to develop access control policies for Web services. In this paper we present a model-driven approach defining access control policies which are independent from the IdM architecture to which they are later applied. Therefore we develop a platform-independent access control model for WSOA and derive a platform-specific model from a given IdM product. We show how to map both models to a concrete language. Access control policies are then defined using our platform-independent language and transformed to platform-specific policies using explicitly defined transformation rules. We present a case study that applies our approach.
منابع مشابه
A model for specification, composition and verification of access control policies and its application to web services
Despite significant advances in the access control domain, requirements of new computational environments like web services still raise new challenges. Lack of appropriate method for specification of access control policies (ACPs), composition, verification and analysis of them have all made the access control in the composition of web services a complicated problem. In this paper, a new indepe...
متن کاملRole-Based Access Control for Model-Driven Web Applications
The Role-based Access Control (RBAC) model provides a safe and efficient way to manage access to information of an organization, while reducing the complexity and cost of security administration in large networked applications. However, Web Engineering frameworks that treat access control models as first-class citizens are still lacking so far. In this paper, we integrate the RBAC model in the ...
متن کاملAn automatic test case generator for evaluating implementation of access control policies
One of the main requirements for providing software security is the enforcement of access control policies which aim to protect resources of the system against unauthorized accesses. Any error in the implementation of such policies may lead to undesirable outcomes. For testing the implementation of access control policies, it is preferred to use automated methods which are faster and more relia...
متن کاملA Logical Model for Security of Web Services
Business Processes for Web Services are the new paradigm for the lightweight integration of business from different enterprises. Yet, there is not a comprehensive proposal for a logical framework for access control for business processes though logics for access control policies for basic web services are well studied. In this paper we propose a logical framework for reasoning (deduction, abduc...
متن کاملWeb services access control architecture incorporating trust
Purpose – This paper seeks to investigate how the concept of a trust level is used in the access control policy of a web services provider in conjunction with the attributes of users. Design/methodology/approach – A literature review is presented to provide background to the progressive role that trust plays in access control architectures. The web services access control architecture is define...
متن کامل