A context-aware access control framework for e-service provision

The emerging Web services technologies constitute the infrastructure that enables the provision of a new generation of e-services and applications. However, the provision of e-services through the Internet imposes increased risks, since it exposes data and sensitive information outside the customer premises. In this paper, we propose a context-aware, access control architecture, in order to support fine-grained authorizations for the provision of e-services, based on an end-to-end Web services infrastructure. Access permissions to distributed Web services are controlled through an intermediary server, based on a role-based access control (RBAC) model, which incorporates dynamic context information, in the form of context constraints. A high level of abstraction of the physical environment is achieved by using the concepts of simple and composite context conditions. Also, the paper proposes adequate mechanisms for updating context dynamically. Finally, an example use case is presented