DocumentCode
1944023
Title
Enforcing Role-Based Access Control Policies in Web Services with UML and OCL
Author
Sohr, Karsten ; Mustafa, Tanveer ; Bao, Xinyu ; Ahn, Gail-Joon
Author_Institution
Center for Comput. Technol., Univ. Bremen, Bremen
fYear
2008
fDate
8-12 Dec. 2008
Firstpage
257
Lastpage
266
Abstract
Role-based access control (RBAC) is a powerful means for laying out higher-level organizational policies such as separation of duty, and for simplifying the security management process. One of the important aspects of RBAC is authorization constraints that express such organizational policies. While RBAC has generated a great interest in the security community, organizations still seek a flexible and effective approach to impose role-based authorization constraints in their security-critical applications. In this paper, we present a Web Services-based authorization framework that can be employed to enforce organization-wide authorization constraints. We describe a generic authorization engine, which supports organization-wide authorization constraints and acts as a central policy decision point within the authorization framework. This authorization engine is implemented by means of the USE system, a validation tool for UML models and OCL constraints.
Keywords
Unified Modeling Language; Web services; authorisation; ontologies (artificial intelligence); OCL; UML; Web services; generic authorization engine; role-based access control; role-based authorization constraints; Access control; Application software; Authorization; Computer security; Engines; Hospitals; Logic design; Military computing; Unified modeling language; Web services;
fLanguage
English
Publisher
ieee
Conference_Titel
Computer Security Applications Conference, 2008. ACSAC 2008. Annual
Conference_Location
Anaheim, CA
ISSN
1063-9527
Print_ISBN
978-0-7695-3447-3
Type
conf
DOI
10.1109/ACSAC.2008.35
Filename
4721563