JIANG Wei-chao,XIA Yang,HUANG Xiao

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.06.042

2005-01-01

Abstract:Web services, which adopt general protocol and technology, can be easily accessed by users and have been the research hotspot in distributed computing, but the downside of this easiness is that security is compromised. An access control system for web services is presented based on SAML and XACML, which uses SAML to single sign-on and introduces XACML to control the access of users. Based on SAML, XACML is imported to control the protected resources on web sites, and achieves the security of access control of web services.

Lin Yao,Xiangwei Kong,Zichuan Xu

DOI: https://doi.org/10.1109/NCM.2008.75

2008-01-01

Abstract:Although RBAC models have received broad support as a generalized approach to access control, the administration of roles in large organizations can become quite cumbersome. In this paper, we develop a new paradigm for access control and authorization management, called task-role based access control (TRBAC) with multi-constraint. The basic idea of this model different from traditional RBAC is that roles and permissions are not connected directly but are put together by tasks. It is a dynamic authorization model with fine-grained partition on users, roles, tasks and sessions. The unit of task becomes the permission granularity. It is more convenient for enterprise privilege management such as distributed application,C/S access control and workflow management. It can reduce the administrator's burden and avoid some potential safety hazards because of adopted dynamic authorization.

徐晓春,陆松年,杨树堂,蒋兴浩

DOI: https://doi.org/10.3969/j.issn.1000-3428.2004.05.028

2004-01-01

Abstract:One of the most important features of XML Web services is that they can easily accessed over the Internet. But the downside of this easiness is that security is compromised. This paper presents an access control system for Web Services. It uses XACML for the description of access control criteria based on the use of attribute certificate. The system takes full advantage of XML-enabled feature of Web Services and XACML access control decision model. Furthermore, the integration of privilege management infrastructure and XACML makes this system suitable for heterogeneous Web services.

Xiyuan Chen,Miaoliang Zhu

DOI: https://doi.org/10.4028/www.scientific.net/kem.439-440.178

2010-01-01

Abstract:Semantic; Trust Management; RBAC; User-role Assignment Abstract. The application of RBAC in access management of the enterprise services and resources is very widely. With phenomenal growth of information interaction and cooperation between distributed systems, the number of users can be in the hundreds of thousands or millions. This renders manual user-to-role assignment a formidable task. In this paper, we propose a semantic and trust based framework to automatically assign users to roles based on a finite set of assignment rules defined by authorized people in the enterprise. These rules take into consideration the attributes users own and any constraints set forth by the enterprise including the assignment history and the credit of the requester. We choose OWL to specify the user attributes.

X Feng,L Guoyuan,H Hao,X Li

DOI: https://doi.org/10.1109/cit.2004.1357221

2004-01-01

Abstract:This paper first briefly reviews the state of the security technology research and access control in the Web Services environment, and then presents a service-orient role-based access control model and security architecture model for Web Services. In this Security Architecture model, SOAP Proxy is employed to enforce access control for Web Services and security mechanisms are separated from the business logic. In this paper, a new technology is presented to implement the RBAC on the Web Services by designing the secure cookies and secure SOAP messages. Finally, the conclusion is given and the problems are pointed out, which should be resolved in further research.

Wu Di,Jian Lin,Yabo Dong,Miaoliang Zhu

DOI: https://doi.org/10.1109/PDCAT.2005.247

2005-01-01

Abstract:Role-based access control (RBAC) models have generated a great interest in the security community as a powerful and generalized approach to security management. One of important aspects in RBAC is constraints that constrain what components in RBAC are allowed to do. There are lots of research have been achieved to specify constraints for secure system developers. However more work is need urgently to met requirements for interoperability of machine and people understandable constraints specification in open and distributed environment. In this paper we propose another approach to specify constraints using Semantic Web technologies. The Web Ontology Language (OWL) specification of basic RBAC components and constraints are described in detail.

Xiyuan Chen,Yang OUYang,Miaoliang Zhu,Yan He

DOI: https://doi.org/10.1109/ICYCS.2008.407

2008-01-01

Abstract:The emerging grid infrastructure presents many challenging security issues that demand new access approach due to its inherent heterogeneity, multidomain characteristic and highly dynamic nature. In order to protect the secure sharing and coordinated use of diverse resources in distributed "virtual organizations", fine-grained access control in grid computing is therefore very necessary and important. In this paper, a semantic-aware access conrtol(SAAC) extending the RBAC with the semantic specification is proposed. Supplying semantic specification by the implementation of semantic inference engine (SIE), the administration for the applicability of users' role memberships to particular permissions is much more easy and precise. The enforcement of the SAAC model for grid application is presented. An experimental evaluation of its overheads is also described.

黄益民,杨子江,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.04.005

2004-01-01

Abstract:The traditional role-based access control (RBAC) model was extended in this work aimed at studying practical ways to implement access control, enforce security administration, and acquire available information from real world to construct an access control model and establish security policies. A three-layered architecture for role-based security administration was proposed. And a practical way was presented to implement role-based access control and role-based security administration ,so that cross-platform role-based access control is implemented automatically and systematically in the security administration system.

Peng Liu,Zhong Chen

DOI: https://doi.org/10.1109/wi.2004.10081

2004-01-01

Abstract:Business process describes a set of services that span enterprise boundaries and are provided by enterprises that see each other as partners. Web services is widely accepted and adopted to construct business process. Web services are built in exposed environment and open to security threats. When a web service contained in a business process is authorized to illegal users, it will cause economic loss of the service provider. Although there exist some standards for security of Web services and access control for services in distributed systems are well studied, there is a lack of comprehensive approach in access control for web services, especially in business process. In this paper, an extended RBAC model, called WS-RBAC, is proposed to secure web services in business process. The model takes web services in business process as protected objects and extends the classical RBAC model. Next, The software architecture of WS-RABC is presented. This paper also presents how to specify business process in the model and the authorization constraints of WS-RBAC based on WS-Policy.

Yi-qun Zhu,Jian-hua Li,Quan-hai Zhang

DOI: https://doi.org/10.5220/0002100404710474

2006-01-01

Abstract:A key challenge in Web services security is the design of effective access control schemes that can adequately satisfy Web services security requirements. Despite the recent advances in Web based access control, there remain issues that impede the development of effective access control models for Web services environments. One of them is the lacks of dynamic role management and attributes access control for Web services. In this paper, we present a dynamic attribute-based role-based access control model (DARBAC) to address the issues. The proposed approach introduces authorization group, which is used to dynamically manages roles and privileges, and attribute based access control mechanism which is used to protect the services and services parameters. We outline the configuration mechanism needed to apply our model to the Web services environments.

ZHU Yi-qun,LI Jian-hua,ZHANG Quan-hai

DOI: https://doi.org/10.3321/j.issn:1006-2467.2007.05.026

2007-01-01

Abstract:This paper reviews the existing research work of the security technology and access control for web services, and then presents a dynamic hierarchical role-based access control model for web services. In this paper, by introducing the notion of authorization group and mechanism of hierarchical access control, the model dynamically manages privileges and protects the parameters themselves. The model improves the flexibility and independence and expansion of access control for web services, and dynamically manages privileges, and provides a more perfect security mechanism for web services, and also effectively enhances the security for web services applications.

Xu Guangwei,Yin Jianwei,CHEN Gang,Dong Jinxiang

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.09.026

2005-01-01

Abstract:Current RBAC models have gained general recognition, but the realization of traditional RBAC is divorced from the organizational structure of enterprises, and the tight coincidence of authentication modules and applications causes troubles to maintenance and realization of the system. A principal-based authentication , authorization model and algorithm are introduced and they are based on the realized RBAC models, as well as a J2EE-based realization is presented.

Yin Hao,Zhou Jiliu,Wu Huilin,Yu Liang

DOI: https://doi.org/10.1109/ISDPE.2007.73

2007-01-01

Abstract:Web-based portals have been increasingly used to integrate information from a variety of back-end Web services. In these systems, security is a critical feature. This paper presents a SAML/XACML based access control between portal and Web services to extend the authentication and authorization mechanism within a portal to external Web services. © 2007 IEEE.

马克,宋长新

DOI: https://doi.org/10.3969/j.issn.1008-0570.2008.27.028

2008-01-01

Abstract:Based on the research of Web security specifications, it put forwards a message level security model for the typical Web Services application. It provides both security transport of SOAP messages and an access control security. ' The model uses XKMS as a replacement of PKI and SAML assertion to exchange authentication as well as authorization information of users. The implement of the model depends on a message processing security.

Ni Wancheng,Liu Lianchen,Liu Wei

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.21.037

2006-01-01

Abstract:Based on RBAC(Role-Based Access Control) theory,a role-page model based access control method for Web applications is given out to facilitate the Implementation of RBAC Model.Considering the characteristic of B/S application model,this method is to logically partition the business logic and the representation logic.Then the access control can be implemented by controlling the Web pages' availability to different roles.This method can be used to facilitate the construction of Web applications because it reduces the judge code of access control.And this method has already been validated in the CERS(China education Equipments and Resource Sharing) project.

ZHANG Shuai,SUN Jian-ling,XU Bin,HUANG Chao

DOI: https://doi.org/10.3785/j.issn.1008-973X.2012.11.015

2012-01-01

Abstract:A dynamic multiple domains access control model base on role based access control(RBAC) was proposed in order to solve the problem that current single domain based access control model cannot fulfill the authorization requirements for service compositions crossing multiple enterprises.The process structures were analyzed and a role mining algorithm was proposed to find the role set with minimized permissions that meet the access requirements of composite services.Authorization negotiations were set up among relevant domains for each cross domain operation in composite services and cross domain role mappings were built according the mined role sets with minimized cost to fulfill the cross domain operations.Based on this model,a runtime framework aligned with current industry standard was proposed to authorize dynamically based on the current running status of composite services.Simulation experiments showed the effectiveness of key part of the role mining algorithm.

P Liu,Z Chen

DOI: https://doi.org/10.1109/cec-east.2004.17

2005-01-01

Abstract:Web services are widely accepted and adopted to provide business functionality in business world. Especially, Web service is chosen to compose business process by companies to achieve their business objectives. Business process contains a set of activities, which represent business interactions between Web services spanning company boundaries. As Web services are built in open distributed environment, it is apt to cause security concerns. Security problems mainly prevent many companies from implementing Web services. This paper proposes an extended RBAC model, called WS-RBAC4BP, to protect Web services in business process. In this model, companies and Web services are considered as subjects and protected objects, respectively. New types of constraints are introduced. Furthermore, the system architecture of WS-RABC4BP is presented. This paper also gives examples to illustrate the model

BAO Zhigang,HU Yanjun,GU Xinjian

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.01.059

2006-01-01

Abstract:Firstly making reference to role based access control(RBAC)model,this paper proposes the basic idea about access control.Then it introduces database design of two realizing methods about access control and two methods’ realization in program,it also presents visual effect.Finally it analyzes and compares one to another in detail from two aspects of applicability and reusability.

Wenan TAN -,Yicheng XU -,Ting ZHANG -,Xiang WEN -,Linshan Cui -,Chuanqun JIANG -

DOI: https://doi.org/10.4156/jdcta.vol5.issue7.16

2011-01-01

International Journal of Digital Content Technology and its Applications

Abstract:Currently, the security issues of Web services are hot area in information system (IS). This research mainly discusses the key technologies of information access control focusing on following works: After analyzing the dynamic characteristic of application nature for Web services, a Dynamic Role-Based Access Control using Context and Trust model (abbreviated as CT-DRBAC) for Web services is proposed. During Web services, both the subject of invoking request and object of providing service resources are dynamic nature. So, access policies are needed to consider the dynamic nature. The proposed model has been developed and the authorization framework is discussed detail. In order to implement the dynamic trust management mechanism, a dynamic user role authorization algorithm which considers the user lifecycle contexts in the open systems is proposed and designed to meet the dynamic characteristic of subject and object effectively, and achieve intelligent and scientific user role assignments. The proposed access control module can be used in intelligent information systems to grant dynamically roles to users according to the current context.

Yiqun Zhu,Jianhua Li,Quanhai Zhang

DOI: https://doi.org/10.1007/s11859-008-0116-2

2008-01-01

Wuhan University Journal of Natural Sciences

Abstract:Growing numbers of users and many access policies in service-oriented environments cause various problems in protecting resource. In this paper we analyze the relationships of resource attributes to user attributes in all policies, and propose a general attribute based role-based access control (GARBAC) model. The proposed model introduces the notions of composition permission and single attribute expression and composite attribute expression, defines a set of rules based on different attribute expression to assign users to roles. The model is a general access control model, and can support many access control policies, and also can be used to wider application for service.