A trust-based context-aware access control model for Web-services

Author

Bhatti, Rafae ; Bertino, Elisa ; Ghafoor, Arif

Author_Institution

Sch. of Electr. & Comput. Eng., Purdue Univ., West Lafayette, IN, USA

fYear

2004

fDate

6-9 July 2004

Firstpage

184

Lastpage

191

Abstract

A key challenge in Web services security is the design of effective access control schemes that can adequately meet the unique security challenges posed by the Web services paradigm. Despite the recent advances in Web based access control approaches applicable to Web services, there remain issues that impede the development of effective access control models for Web services environment. Amongst them are the lack of context-aware models for access control, and reliance on identity or capability-based access control schemes. In this paper, we motivate the design of an access control scheme that addresses these issues, and propose an extended, trust-enhanced version of our XML-based role based access control (X-RBAC) framework that incorporates context-based access control. We outline the configuration mechanism needed to apply our model to the Web services environment, and also describe the implementation architecture for the system.

Keywords

Internet; XML; authorisation; Web based access control; Web service environment; Web service security; X-RBAC framework; XML-based role based access control; capability-based access control; configuration mechanism; trust management; trust-based context-aware access control model; Access control; Appropriate technology; Computer security; Context modeling; Design engineering; Impedance; Service oriented architecture; Software systems; Web services; XML;

fLanguage

English

Publisher

ieee

Conference_Titel

Web Services, 2004. Proceedings. IEEE International Conference on

Print_ISBN

0-7695-2167-3

Type

conf

DOI

10.1109/ICWS.2004.1314738

Filename

1314738