An adaptive access control model for web services

Elisa Bertino, Anna C. Squicciarini, Lorenzo Martino, Federica Paci

Research output: Contribution to journal › Article

19 Citations (Scopus)

Abstract

This paper presents an innovative access control model referred to as Web service Access Control Version 1 (Ws-AC1), specifically tailored to Web services. The most distinguishing features of this model are the flexible granularity in protection objects and negotiation capabilities. Under Ws-AC1, an authorization can be associated with a single service and can specify for which parameter values the service can be authorized for use, thus providing a fine access control granularity. Ws-AC1 also supports coarse granularities in protection objects in that it provides the notion of service class under which several services can be grouped. Authorizations can then be associated with a service class and automatically propagated to each element in the class. The negotiation capabilities of Ws-AC1 are related to the negotiation of identity attributes and the service parameters. Identity attributes refer to information that a party requesting a service may need to submit in order to obtain the service. The access control policy model of Ws-AC1 supports the specification of policies in which conditions are stated, specifying the identity attributes to be provided and constraints on their values. In addition, conditions may also be specified against context parameters, such as time. To enhance privacy and security, the actual submission of these identity attributes is executed through a negotiation process. Parameters may also be negotiated when a subject requires use of a service with certain parameter values that, however, are not authorized under the policies in place. In this paper, we provide the formal definitions underlying our model and the relevant algorithms, such as the access control algorithm. We also present an encoding of our model in the Web Services Description Language (WSDL) standard for which we develop an extension, required to support Ws-AC1.

Original language: English (US)
Pages (from-to): 27-60
Number of pages: 34
Journal: International Journal of Web Services Research
Volume: 3
Issue number: 3
DOIs: 10.4018/jwsr.2006070102
State: Published - Jan 1 2006

Fingerprint

Access control
Web services
WSDL
Specifications

All Science Journal Classification (ASJC) codes

  • Software
  • Information Systems
  • Computer Networks and Communications

Cite this

Bertino, Elisa ; Squicciarini, Anna C. ; Martino, Lorenzo ; Paci, Federica. / An adaptive access control model for web services. In: International Journal of Web Services Research. 2006 ; Vol. 3, No. 3. pp. 27-60.
@article{ced013f6841c4f20aa19306992c60e8f,
title = "An adaptive access control model for web services",
author = "Elisa Bertino and Squicciarini, {Anna C.} and Lorenzo Martino and Federica Paci",
year = "2006",
month = "1",
day = "1",
doi = "10.4018/jwsr.2006070102",
language = "English (US)",
volume = "3",
pages = "27--60",
journal = "International Journal of Web Services Research",
issn = "1545-7362",
publisher = "IGI Publishing",
number = "3",

}
