A Web Service for Hypermedia Role-Based Access Policies

High level security is a key requirement in hypermedia/web applications. The systems opening to the Internet makes the research effort to move towards protecting the information transmission (i.e. SOAP messages, policy descriptions,…), but little attention is paid to what the user can do with the system. Role-based access control (RBAC) allows to formulate the organization´s resource access policy in a simple, natural way, so a role-based access model for hypermedia will make it easier to integrate the security design with the rest of the system design. In service oriented architectures, an access policy service would allow to gather the management and deployment of the security policy in distributed and heterogeneous environments. This paper describes a role-based access control model for hypermedia called MARAH, and its implementation as a web service. An use case of the model in the design of the ARCE application is also discussed.