An Attribute-Based Access Control Model for Web Services

Author

Shen, Hai-bo ; Fan Hong

Author_Institution

Sch. of Comput., Huazhong Univ. of Sci. & Technol., Wuhan

fYear

2006

fDate

Dec. 2006

Firstpage

74

Lastpage

79

Abstract

Web service is a new service-oriented computing paradigm which poses the unique security challenges due to its inherent heterogeneity, multi-domain characteristic and highly dynamic nature. A key challenge in Web services security is the design of effective access control schemes. However, most current access control systems base authorization decisions on subject´s identity. Administrative scalability and control granularity are serious problems in those systems, and they are not fit for Web services environment. So an attribute-based access control model (WS-ABAC) is presented to address these issues in this paper. WS-ABAC grants access to services based on attributes of the related entities, and uses automated trust negotiation mechanism to address the disclosure issue of the sensitive attributes. It can provide administratively scalable alternative to identity-based authorization methods and provide fine-grained access control for Web services. Moreover, it also can protect user´s privacy

Keywords

Web services; access control; authorisation; data privacy; Web services; administrative scalability; attribute-based access control; authorization; automated trust negotiation; control granularity; service-oriented computing; users privacy; Access control; Authorization; Automatic control; Computer security; Control systems; Electronic mail; Privacy; Protection; Scalability; Web services; Attribute-Based Access Control; Automated Trust Negotiation; Web Services; XACML;

fLanguage

English

Publisher

ieee

Conference_Titel

Parallel and Distributed Computing, Applications and Technologies, 2006. PDCAT '06. Seventh International Conference on

Conference_Location

Taipei

Print_ISBN

0-7695-2736-1

Type

conf

DOI

10.1109/PDCAT.2006.28

Filename

4032153