Title :
ARSL: A Language for Authorization Rule Specification in Software Security
Author :
Yu, Weider D. ; Nayak, Ellora
Author_Institution :
San Jose State University, USA
Abstract :
Web services constitute an important part of distributed applications, providing flexibility in the development of distributed applications. One of the key challenges in Web Service security is to determine whether an authenticated user has access to only those services for which he has authorization. Since all authorization patterns for accessing resources cannot be anticipated and hence the access rules cannot be defined beforehand, implementing authorization becomes a concern. This paper describes an approach aimed at a more generalized and reusable solution which provides the flexibility to handle authorization rule updates in real time. The authorization framework is complemented by ARSL (Authorization Rule Specification Language), which is based on predicate logic.
Keywords :
Access control; Application software; Authorization; Data security; Distributed computing; Electronic mail; Logic; Specification languages; Web services; Web sites;
Conference_Titel :
Computers and Communications, 2006. ISCC '06. Proceedings. 11th IEEE Symposium on
Print_ISBN :
0-7695-2588-1
DOI :
10.1109/ISCC.2006.40
