An adaptive access control model for web services

Elisa Bertino, Anna C. Squicciarini, Lorenzo Martino, Federica Paci

Research output: Contribution to journalArticlepeer-review

19 Scopus citations

Abstract

This paper presents an innovative access control model referred to as Web serviceAccess Control Version 1 (Ws-ACl), specifically tailored to Web services. The most distinguishing features of this model are the flexible granularity in protection objects and negotiation capabilities. Under Ws-AC1, an authorization can he associated with a single service and can specify for which parameter values the service can be authorized for use, thus providing a fine access control granularity. Ws-AC1 also supports coarse granularities in protection objects in that it provides the notion of service class under which several services can be grouped. Authorizations can then be associated with a service class and automatically propagated to each element in the class. The negotiation capabilities of Ws-AC1 are related to the negotiation of identity attributes and the service parameters. Identity attributes refer to information that a party requesting a service may need to submit in order to obtain the service. The access control policy model of Ws-AC1 supports the specification of policies in which conditions are stated, specifying the identity attributes to be provided and constraints on their values. In addition, conditions may also be specified against context parameters, such as time. To enhance privacy and security, the actual submission of these identity attributes is executed through a negotiation process. Parameters may also he negotiated when a subject requires use of a service with certain parameters values that, however, are not authorized under the policies in place. In this paper, we provide the formal definitions underlying our model and the relevant algorithms, such as the access control algorithm. We also present an encoding of our model in the Web Services Description Language (WSDL) standard for which we develop an extension, required to support Ws-AC1.

Original languageEnglish (US)
Pages (from-to)27-60
Number of pages34
JournalInternational Journal of Web Services Research
Volume3
Issue number3
DOIs
StatePublished - 2006

All Science Journal Classification (ASJC) codes

  • Software
  • Information Systems
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'An adaptive access control model for web services'. Together they form a unique fingerprint.

Cite this