A semantic-aware attribute-based access control model for web services

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5574 LNCS, Issue , 2009, Pages 693-703

  Shen, Haibo ^a  

^a HUBEI UNIVERSITY OF TECHNOLOGY   (China)

Author keywords

Attribute Based Access Control; Ontology; Semantic Web Technologies; Web Services; XACML

Indexed keywords

ACCESS CONTROL MECHANISM; ACCESS CONTROL SCHEMES; ACCESS MANAGEMENT; ATTRIBUTE-BASED ACCESS CONTROL; DYNAMIC NATURE; EXTENSIBLE ACCESS CONTROL MARKUP LANGUAGES; IDENTITY-BASED; MULTI DOMAINS; NEW SERVICES; ONTOLOGY MANAGEMENT; POLICY LANGUAGE; REASONING CAPABILITIES; SECURITY CHALLENGES; SEMANTIC INTEROPERABILITY; SEMANTIC WEB TECHNOLOGIES; SEMANTIC WEB TECHNOLOGY; SENSITIVE ATTRIBUTE; WEB APPLICATION; WEB ONTOLOGY LANGUAGE; WEB SERVICES SECURITY; XACML;

LINGUISTICS; MARKUP LANGUAGES; MULTI AGENT SYSTEMS; ONTOLOGY; PARALLEL ALGORITHMS; SECURITY SYSTEMS; SEMANTIC WEB; SEMANTICS; WEB SERVICES;

ACCESS CONTROL;

EID: 70349093164     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-03095-6_65     Document Type: Conference Paper

References (30)

1. World Wide Web Consortium. Web service, http://www.w3.org/2002/ws
2. Sandhu, R.S.: Access Control: The Neglected Frontier. In: Pieprzyk, J.P., Seberry, J. (eds.) ACISP 1996. LNCS, vol.1172, pp. 219-227. Springer, Heidelberg (1996)
3. Ferraiolo, D.F., Sandhu, R.S., Gavrila, S.: Proposed NIST Standard for Role-based Access Control. ACM Transactions on Information and System Security (TISSEC) 4(3), 224-274 (2001)
4. Damiani, E., De Capitani di Vimercati, S., Samarati, P.: New Paradigms for Access Control in Open Environments. In: Proceedings of the 5th IEEE International Symposium on Signal Processing and Information Technology, pp. 540-545 (2005)
5. Mohammad, A., Al-Kahtani, S.R.: A Model of Attribute-Based User-Role Assignment. In: Proceedings of the 18th Annual Computer Security Application Conference, pp. 353-362 (2002)
6. Priebe, T., Fernandez, E.B., Mehlau, J.I., Pernul, G.: A Patterns System for Access Control. In: Proceedings of the 18th Annual IFIPWG 11.3 Working Conference on Data and Application Security, pp. 25-28 (2004)
7. Berners-Lee, T., Hander, J., Lassila, O.: The Semantic Web. Scientific American 284, 34-43 (2001)
8. Godik, S., Moses, T.: eXtensible Access Control Markup Language (XACML) Version 3.0. OASIS Standard (2008), http://www.oasis-open.org/committees/ download.php/28318/xacml-3.0-core-wd06.zip
9. Carmody, S.: Shibboleth Overview and Requirements. Shibboleth Working Group Document (2001), http://shibboleth.internet2.edu/docs/draft-internet2- shibboleth-requirements-01.html
10. OASIS Standard. Security Assertion Markup Language (SAML) V2.0 (2005), http://docs.oasis-open.org/security/saml/v2.0/
11. Welch, V., Barton, T., Keahey, K., Siebenlist, F.: Attributes, Anonymity, and Access: Shibboleth and Globus Integration to Facilitate Grid Collaboration. In: Proceedings of the 4th Annual PKI R&D Workshop, pp. 19-21 (2005)
12. McGuinness, D.L., van Harmelen, F.: OWL Web Ontology Language Overview (2004), http://www.w3.org/TR/owl-features/
13. Horrocks, I., Patel-Schneider, P.F., Boley, H.: SWRL: A Semantic Web Rule Language Combining OWL and ReleML (2004), http://www.w3.org/Submission/SWRL/
14. Damiani, E., De Capitani di Vimercati, S., Fugazza, C., Samarati, P.: Extending context descriptions in semantics-aware access control. In: Bagchi, A., Atluri, V. (eds.) ICISS 2006. LNCS, vol.4332, pp. 162-176. Springer, Heidelberg (2006)
15. Simple Object Access Protocol (SOAP) V1.1 (May 2000), http://www.w3.org/TR/2000/NOTE-SOAP-20000508
16. Protégé Editor and API, http://protege.stanford.edu/ plugins/owl
17. Jess Rule Engine, http://herzberg.ca.sandia.gov/jess
18. Damiani, E., di Vimercati, S.D.C., Paraboschi, S.: Fine Grained Access Control for SOAP e-services. In: Proceedings of the 10th International Conference on World Wide Web, pp. 504-513 (2001)
19. Bhatti, R., Bertino, E., Ghafoor, A.: A Trust-based Context-Aware Access Control Model for Web Services. In: Proceedings of the IEEE International Conference on Web Services (ICWS 2004), pp. 184-191 (2004)
20. Xu, F., Xie, J., Huang, H., Li, X.: Context-Aware Role-Based Access Control Model for Web Services. In: Jin, H., Pan, Y., Xiao, N., Sun, J. (eds.) GCC 2004. LNCS, vol.3252, pp. 430-436. Springer, Heidelberg (2004)
21. Liu, M., Guo, H.Q., Su, J.D.: An Attribute and Role-Based Access Control Model for Web Services. In: Proceedings of the 4th International Conference on Machine Learning and Cybernetics, pp. 1302-1306 (2005)
22. Demchenko, Y., Gommans, L.C.: Extending Role Based Access Control Model for Distributed Multidomain Applications. In: Proceedings of the IFIP TC-11 22nd International Information Security Conference, pp. 301-312 (2007)
23. Yuan, E., Tong, J.: Attributed Based Access Control (ABAC) for Web Services. In: Proceedings of the IEEE Conference on Web Services (ICWS 2005), pp. 561-569 (2005)
24. Shen, H.B., Hong, F.: An Attribute-Based Access Control Model for Web Services. In: Proceedings of the 7th International Conference on Parallel and Distributed Computing, Applications and Technologies, pp. 74-79 (2006)
25. Coetzee, M., Eloff, J.H.P.: A Trust and Context Aware Access Control Model for Web Service Conversations. In: Lambrinoudakis, C., Pernul, G., Tjoa, A.M. (eds.) TrustBus. LNCS, vol.4657, pp. 115-124. Springer, Heidelberg (2007)
26. Damiani, E., de Capitani di Vimercati, S., Samarati, P.: New Paradigms for Access Control in Open Environments. In: Proceedings of the 5th IEEE International Symposium on Signal Processing and Information Technology, pp. 540-545 (2005)
27. Priebe, T., Dobmeier, W., Kamprath, N.: Supporting Attribute-based Access Control with Ontologies. In: The First International Conference on Availability, Reliability and Security (ARES 2006), pp. 465-472 (2006)
28. Warner, J., Atluri, V., Mukkamala, R., Vaidya, J.: Using semantics for automatic enforcement of access control policies among dynamic coalitions. In: Proceedings of the 12th ACM symposium on Access control models and technologies, pp. 235-244 (2007)
29. Shields, B., Molloy, O., Lyons, G., Duggan, J.: Using Semantic Rules to Determine Access Control for Web Services. In: Proceedings of the 15th international conference on World Wide Web, pp. 913-914 (2006)
30. Coetzee, M., Eloff, J.H.P.: A Logic-based Access Control Approach for Web Services. In: Proceedings of the ISSA 2004 Enabling Tomorrow Conference, Information Security South Africa, pp. 1-11 (2004)