
Abstract:
The loosely coupled nature of Service-oriented Architectures raises the question of how information for access control can be managed efficiently. Several specifications for Web Services exist to describe security requirements and to facilitate the provision of identity information. However, integrating different standards for expressing identity information in policies, claims and assertions brings increased complexity. In order to identify and address the problems that occur when standards such as XACML, SAML and WS-Trust are used together, we designed and implemented an architecture for identity- and attribute-based access control in decentralized environments. Our implementation provides automated generation of access control policies in the XACML format, a way to communicate required user attributes as claims across different domains based on the standards WS-Trust and WS-Policy, and a consistent mapping of retrieved attribute assertions to the XACML attributes in the access control policy.
BibTeX file
title = { A Web Service Architecture for Decentralised Identity- and Attribute-Based Access Control },
year = { 2009 },
pages = { 551--558 },
month = { 0 },
publisher = { IEEE Computer Society },
address = { Los Angeles, CA, USA },
booktitle = { ICWS '09: Proceedings of the 2009 IEEE International Conference on Web Services }
last change: Fri, 19 Nov 2010 16:41:11 +0100


