Hao Zeng,Dianfu Ma,Yongwang Zhao,Zhuqing Li

DOI: https://doi.org/10.1109/ISCC.2013.6754982

2013-01-01

Abstract:With the rapid development of the Internet, web service technology has been extensively used in distributed applications and is highly likely to replace other various technologies for the distributed application development. However, concerning most hard issues of the web services authentication, no proper solutions have been discovered and available for use now. Due to its dynamic and cross-domain characteristics, web services authentication is confronted with new challenges and difficulties. Each service or autonomous domain may have their separate authentication technologies and identity token types. Meanwhile, the same services may adopt different authentication technologies in terms of different application scenarios. Therefore, the difficult question arises as how to design an integrated and flexible architecture to enhance trust in web services. According to our findings, presented in this paper is a policy-based architecture for web services authentication termed PBA4WSA. Compared with the other architectures, the PBA4WSA can better satisfy the characteristics of web services.

Hao Zeng,Dianfu Ma,Yongwang Zhao,Zhuqing Li

DOI: https://doi.org/10.1007/s11761-013-0143-5

2013-01-01

Abstract:Due to the dynamic, heterogeneous and interorganizational nature, different web services and different ports or operations in the same service, even the same services at different times may have their different security requirements because of their different security domains and different business backgrounds. How to design a flexible, fine-grained and comprehensive architecture for web services security processing has become a matter of great urgency. However, no ideal solutions have been worked out for these problems. As a result of our study, we have presented in this paper a policy-based architecture termed policy-based architecture for web services security processing (PBA4WSSP) to meet the dynamic, complete and fine-grained security requirements. In PBA4WSSP, the processing of all security problems is based on security policy in service stage to support flexibly security configuration. Moreover, we have designed a service policy model to describe the fine-grained security requirements. And the conversion method between security policy model and security policy expression has also been described. In addition, a staged complete security processing architecture is provided to reduce the dependency among protocol implementations. Furthermore, with PBA4WSSP, a web service security module has been designed and implemented as well. Eventually, the performance evaluation results amply demonstrate that our system is flexible and usable.

Di Wu,Yabo Dong,Jian Lin,Miaoliang Zhu

DOI: https://doi.org/10.1007/11563952_52

2005-01-01

Abstract:The fast development of E-Commerce and information technology brings much higher requirements for enterprise informationization. Because of the differences in platforms, development languages and standards etc, enterprise application integration (EAI) has become the important form of enterprise informationization to support complex business processes. Web services have emerged as the next generation of integration technology which provides the power to support interoperability. However EAI doesn’t just present new interoperability challenges; it also presents serious privacy and security challenges. This paper presents security architecture of Web Services based EAI which uses distributed Single Sign On authentication and distributed Role-based Access Control authorization. The basic concept and prototype system of the security architecture are described in detail.

YB Peng,J Gao,J Hu,BS Liao

DOI: https://doi.org/10.1109/cit.2005.35

2005-01-01

Abstract:Information systems researchers continue to develop Web services hoping that, in a near future, these services will be used in every application system expediently. Although many implementations of Web services are currently available, no project can solve the problem of autonomous controlling the whole execution process of Web services. In this paper, we present a policy-driven IMCSBA (Infrastructure for Managing and Controlling the Social Behavior of Agents) project, which provides a platform to autonomous control the whole execution process of Web services. In addition, an agent infrastructure to realize this system was developed and a simulated test was conducted successfully.

Yi-qun Zhu,Jian-hua Li,Quan-hai Zhang

DOI: https://doi.org/10.5220/0002100404710474

2006-01-01

Abstract:A key challenge in Web services security is the design of effective access control schemes that can adequately satisfy Web services security requirements. Despite the recent advances in Web based access control, there remain issues that impede the development of effective access control models for Web services environments. One of them is the lacks of dynamic role management and attributes access control for Web services. In this paper, we present a dynamic attribute-based role-based access control model (DARBAC) to address the issues. The proposed approach introduces authorization group, which is used to dynamically manages roles and privileges, and attribute based access control mechanism which is used to protect the services and services parameters. We outline the configuration mechanism needed to apply our model to the Web services environments.

Jian-Xin Li,Bin Li,Liang Li,Tong-Sheng Che

DOI: https://doi.org/10.1109/npc.2007.79

2007-01-01

Abstract:The security of Web Services has become one of the important research topics about the application of Web Services. In this paper, we propose an agent-based policy aware framework for Web Services security. In this framework, a policy language called ReiT which is a declarative language based on the rules and ontologies is introduced The non-structural knowledge is represented by rules and the structural temporal knowledge is represented by ontology. Moreover, we propose a mixed reasoning mechanism to evaluate the ReiT policy. The access control policy including the context of the user and Web Services is evaluated by the reasoner. In addition, we present a policy aware BOID agent to authorize the access control of the Web Services. And we implement the policy aware BOID agent by extending the JADE platform.

ZHU Yi-qun,LI Jian-hua,ZHANG Quan-hai

DOI: https://doi.org/10.3321/j.issn:1006-2467.2007.05.026

2007-01-01

Abstract:This paper reviews the existing research work of the security technology and access control for web services, and then presents a dynamic hierarchical role-based access control model for web services. In this paper, by introducing the notion of authorization group and mechanism of hierarchical access control, the model dynamically manages privileges and protects the parameters themselves. The model improves the flexibility and independence and expansion of access control for web services, and dynamically manages privileges, and provides a more perfect security mechanism for web services, and also effectively enhances the security for web services applications.

Fan Zhang,Ji Gao,Bei-Shui Liao

DOI: https://doi.org/10.1109/ICMLC.2006.258812

2006-01-01

Abstract:Web service is an important technology in open distributed system. But because of the dynamical and heterogeneous nature of web services, it is difficult to be managed directly. On the other hand, multi-agent system provides a model for automatic discovery, negotiation and cooperation. It can be designed as a container of web services for autonomic management. This paper provides a policy-driven model base on multi-agent system that encapsulates the web service as an agent. It can supervise the dynamical agents and web services that may join in or leave out at run time according to high-level policies or business requirements.

Zhang Yong-sheng,Wang Ying

DOI: https://doi.org/10.1109/NSWCTC.2010.113

2010-01-01

Abstract:The paper proposes a dynamic access control model for Web services that based on the trust-authorization -WS-TABAC model. A simple evaluation algorithm about trust is defined, which can calculate the trust degree of users easily. In WS-TABAC model, part or complete privileges can be achieved through the mapping relations defined between trust and authorization. Theoretical analysis and examples demonstrate that this model can better grant appropriate access privileges for different requestors and satisfy their need than the traditional access control.

Wenan TAN -,Yicheng XU -,Ting ZHANG -,Xiang WEN -,Linshan Cui -,Chuanqun JIANG -

DOI: https://doi.org/10.4156/jdcta.vol5.issue7.16

2011-01-01

International Journal of Digital Content Technology and its Applications

Abstract:Currently, the security issues of Web services are hot area in information system (IS). This research mainly discusses the key technologies of information access control focusing on following works: After analyzing the dynamic characteristic of application nature for Web services, a Dynamic Role-Based Access Control using Context and Trust model (abbreviated as CT-DRBAC) for Web services is proposed. During Web services, both the subject of invoking request and object of providing service resources are dynamic nature. So, access policies are needed to consider the dynamic nature. The proposed model has been developed and the authorization framework is discussed detail. In order to implement the dynamic trust management mechanism, a dynamic user role authorization algorithm which considers the user lifecycle contexts in the open systems is proposed and designed to meet the dynamic characteristic of subject and object effectively, and achieve intelligent and scientific user role assignments. The proposed access control module can be used in intelligent information systems to grant dynamically roles to users according to the current context.

Bs Liao,J Gao,J Hu,Jj Chen

DOI: https://doi.org/10.1007/978-3-540-30483-8_42

2004-01-01

Abstract:The integration of web services and intelligent agents is promising for automated service discovery, negotiation, and cooperation. But due to the dynamic and heterogeneous nature of web services and agents, it is challenging to guide the behaviors of underlying agents to meet the high-level business (changeful) requirements. Traditional Policy-driven methods (Ponder, Rei, KAoS, etc) are not adaptable to direct the discovery, negotiation and cooperation of dynamic agents who may join in or leave out of a specific community or organization (virtual organization) at run time. The purpose of this paper is to model an ontology-based, policy-driven control framework that is suitable to supervise the dynamic agents according to high-level policies. On the basis of federated multi-agents infrastructure and ontologies of policies, domain concepts, and agent federations, a model of role-based policy specification framework is presented in this paper.

Zhong Chen

2008-01-01

Abstract:Based on the Semantic Web technology extends the scope of policy management, In Web access control security through the reasoning of the policy to achieve the dynamic process of adjustment, presents a Web services security visit to the multi-level policy approach, for the next generation of Web services application in a useful exploration.

Peng Liu,Zhong Chen

DOI: https://doi.org/10.1109/wi.2004.10081

2004-01-01

Abstract:Business process describes a set of services that span enterprise boundaries and are provided by enterprises that see each other as partners. Web services is widely accepted and adopted to construct business process. Web services are built in exposed environment and open to security threats. When a web service contained in a business process is authorized to illegal users, it will cause economic loss of the service provider. Although there exist some standards for security of Web services and access control for services in distributed systems are well studied, there is a lack of comprehensive approach in access control for web services, especially in business process. In this paper, an extended RBAC model, called WS-RBAC, is proposed to secure web services in business process. The model takes web services in business process as protected objects and extends the classical RBAC model. Next, The software architecture of WS-RABC is presented. This paper also presents how to specify business process in the model and the authorization constraints of WS-RBAC based on WS-Policy.

Yiqun Zhu,Jianhua Li,Quanhai Zhang

DOI: https://doi.org/10.1007/s11859-008-0116-2

2008-01-01

Wuhan University Journal of Natural Sciences

Abstract:Growing numbers of users and many access policies in service-oriented environments cause various problems in protecting resource. In this paper we analyze the relationships of resource attributes to user attributes in all policies, and propose a general attribute based role-based access control (GARBAC) model. The proposed model introduces the notions of composition permission and single attribute expression and composite attribute expression, defines a set of rules based on different attribute expression to assign users to roles. The model is a general access control model, and can support many access control policies, and also can be used to wider application for service.

霍远国,马殿富,刘建,李竹青

DOI: https://doi.org/10.3969/j.issn.1002-137x.2010.07.030

2010-01-01

Computer Science

Abstract:Web Services Resource (WS-Resource) consists of static Web service interface and dynamic stateful resource.According to the different characteristics of the two components,we proposed an Attribute-Based Two Level Access Control (2L-ABAC) on for WS-Resources.Attribute retrieval is essential for ABAC systems because they are based on their decisions on attributes of users,so 2L-ABAC employs access control policies publishing mechanism to inform users of the needed attributes.Access control policies of Web Services are static and those of resources are dynamic,correspondently two publishing methods,WSDL attachment and metadata exchanging,are adopted for each level respectively.2L-ABAC inherits from the ABAC model the capability of authorizing unknown users from other security domains,besides its flexibility due to the hierarchy design model.Moreover,this architecture can be implemented by extending the standard specifications such as XACML and SAML,so it has broad applicability for WS-Resource based systems.

Tang Jing-fan,Zhou Bo,He Zhi-jun

DOI: https://doi.org/10.1631/jzus.2005.a0676

2005-01-01

Journal of Zhejiang University SCIENCE A

Abstract:This paper proposes a policy driven and multi-agent based model to enhance the fault tolerance and recovery capabilities of Web services in distributed environment. The evaluation function of fault specifications and the corresponding handling mechanisms of the services are both defined in policies, which are expressed in XML. During the implementation of the services,the occurrences of faults are monitored by the service monitor agent through the local knowledge on the faults. Such local knowledge is dynamically generated by the service policy agent through querying and parsing the service policies from the service policies repository. When the fault occurs, the service process agent will focus on the process of fault handling and service recovery, which will be directed with the actions defined in the policies upon the specific conditions. Such a policy driven and multi-agent based fault handling approach can address the issues of flexibility, automation and availability.

BS Liao,J Gao,J Hu,JJ Chen

DOI: https://doi.org/10.1109/icmlc.2004.1380585

2004-01-01

Abstract:Presently, resource sharing and integration within or cross enterprises (organizations) based on Web services, semantic Web and agents, are developing rapidly. However, different level of requirements of enterprise applications, and dynamic nature of Web services and application requirements, result in increasing complexities of management of Web services and related agents. This paper proposes a federated multi-agent system for autonomic Web services control. The main point of this paper is to propose an approach based on hierarchical architecture-oriented agent federations to control the internal cooperation and external coordination and transaction of Web services. In addition, an agent infrastructure to realize this system was developed and a simulated test was conducted successfully.

Hao Zeng,Yong Wang Zhao,Dian Fu Ma

DOI: https://doi.org/10.4028/www.scientific.net/amm.644-650.2943

2014-01-01

Applied Mechanics and Materials

Abstract:With the rapid development of web services technology, the security policies defined in WS-SecurityPolicy are widely used for expressing security properties, capabilities, constraints and requirements of web services. It is well-known that security policies are crucial in the negotiation phase of service discovery and selection. However, such security policies are hard to understand and extremely error-prone, due to the complexity of the WS-SecurityPolicy specification. At the same time, because the WS-SecurityPolicy is described by natural language, there have ambiguity problem. These problem seriously hindered the development of web services policy. Therefore, this paper proposes a web services security policy description model to describe accurately and clearly security policies. The security policy model employs the formal modeling method to convert the policy assertions into the security rules.

Mudhakar Srivatsa,Arun Iyengar,Thomas Mikalsen,Isabelle Rouvellou,Jian Yin

DOI: https://doi.org/10.1109/ICWS.2007.31

2007-01-01

Abstract:Service composition has emerged as a fundamental technique for developing Web applications. Multiple services, often from different organizations or trust domains, may be dynamically composed to satisfy a user's request. Access control in the presence of service compositions is a challenging security problem. In this paper, we present an access control model and techniques for specifying and enforcing access control rules on Web service compositions. A key advantage of our approach is that past histories of service invocations can be used to make access control decisions. Our approach allows role hierarchies and separation of duty constraints. Access controls rules may be parameterized by one or more arguments. We have implemented our access control model via a declarative policy specification language which uses pure-past linear temporal logic (PPLTL). We describe an implementation of our approach using a supply chain management (SCM) application. Our experiments show that our approach can enforce expressive and flexible access control policies while incurring reasonable performance overhead on the application.

LI Bo,HUANG Dong-jun

DOI: https://doi.org/10.3969/j.issn.1006-8937-B.2006.04.001

2006-01-01

Abstract:The paper analyzes and compares several primary ways to distribute privileges during the current design process of access system such as Discretionary Access Control(DAC), Mandatory Access Control (MAC) and Role-Based Access Control (RBAC), points out their respective characteristics and limitations of their applicability. By taking the new characteristics of modern enterprise management into consideration and combining with the existing access control model, the authors discuss the access control technology of the multi-users information system, present and realize the security control model based on role level, department level and user level in the application. Practical application makes clear that it enhances the security and maintainability of information system.