An Approach to Automating the Integration of the Access Control Policies for Web Services

Access Control Policies are one of the key challenges affecting Service oriented Architectures (SoA). This is due to the nature of SoA, which is based on the distributed invocations of Web services. This makes it crucial to develop a method of on-line assignment for Access Control Policies and Web services. This paper proposes a service referred to as Access Control Policies (AC Polices), which allows the simulation and verification of information flow security for access control policies. It extends an existing approach that was proposed to coordinate invocations of Web services from a performance perspective, to harnesses the capability of Model-Driven Architecture (MDA) to automate the creation and integration of the Protocol Service and Access Control Policies (AC Polices) service, which are computed, generated and integrated automatically into the system. As a proof of the concept, the suggested approach was implemented in the form of an Oracle JDeveloper plugin. The paper concludes with the empirical results, detailing the performance-related aspects of the proposed method.