Title :
Enforcing Role-Based Access Control Policies in Web Services with UML and OCL
Author :
Sohr, Karsten ; Mustafa, Tanveer ; Bao, Xinyu ; Ahn, Gail-Joon
Author_Institution :
Center for Comput. Technol., Univ. Bremen, Bremen
Abstract :
Role-based access control (RBAC) is a powerful means for laying out higher-level organizational policies such as separation of duty, and for simplifying the security management process. One of the important aspects of RBAC is authorization constraints that express such organizational policies. While RBAC has generated a great interest in the security community, organizations still seek a flexible and effective approach to impose role-based authorization constraints in their security-critical applications. In this paper, we present a Web Services-based authorization framework that can be employed to enforce organization-wide authorization constraints. We describe a generic authorization engine, which supports organization-wide authorization constraints and acts as a central policy decision point within the authorization framework. This authorization engine is implemented by means of the USE system, a validation tool for UML models and OCL constraints.
Keywords :
Unified Modeling Language; Web services; authorisation; ontologies (artificial intelligence); OCL; UML; generic authorization engine; role-based access control; role-based authorization constraints; Access control; Application software; Authorization; Computer security; Engines; Hospitals; Logic design; Military computing
Conference_Title :
Computer Security Applications Conference, 2008. ACSAC 2008. Annual
Conference_Location :
Anaheim, CA
Print_ISBN :
978-0-7695-3447-3
DOI :
10.1109/ACSAC.2008.35