An integrated approach for identity and access management in a SOA context

Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Volumn , Issue , 2011, Pages 21-30

  Hummer, Waldemar ^a   Gaubatz, Patrick ^b   Strembeck, Mark ^c   Zdun, Uwe ^b   Dustdar, Schahram ^a  

^a VIENNA UNIVERSITY OF TECHNOLOGY   (Austria)

^b UNIVERSITY OF VIENNA   (Austria)

^c VIENNA UNIVERSITY OF ECONOMICS AND BUSINESS   (Austria)

Author keywords

Identity and access management; SAML; SOAP; WS BPEL; WSSecurity

Indexed keywords

BUSINESS PROCESS; BUSINESS PROCESS EXECUTION LANGUAGE FOR WEB SERVICES; DEPLOYMENT TIME; DOMAIN EXPERTS; DOMAIN SPECIFIC LANGUAGES; IDENTITY AND ACCESS MANAGEMENTS; INTEGRATED APPROACH; PERFORMANCE ASPECTS; POLICY SPECIFICATION; PROCESS DEFINITION; PROTOTYPE IMPLEMENTATIONS; RBAC MODEL; ROLE-BASED ACCESS CONTROL; RUNTIMES; SAML; SERVICE ORIENTED; TECHNICAL DETAILS; WS-BPEL; WSSECURITY;

SECURITY SYSTEMS; SPECIFICATIONS; USER INTERFACES; WEB SERVICES;

ACCESS CONTROL;

EID: 79960160217     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1998441.1998446     Document Type: Conference Paper

References (42)

1. M. Alam, M. Hafner, and R. Breu. A constraint based role based access control in the SECTET a model-driven approach. In Int. Conf. on Privacy, Security and Trust, 2006.
2. D. Basin, J. Doser, and T. Lodderstedt. Model driven security: From UML models to access control infrastructures. ACM Transactions on Software Engineering Methodology, 15:39-91, 2006. (Pubitemid 43947939)
3. B. Carminati and E. Ferrari. AC-XML documents: improving the performance of a web access control module. In 10th ACM SACMAT, pages 67-76, 2005. (Pubitemid 43087463)
4. D. F. Ferraiolo and D. R. Kuhn. Role-Based Access Controls. In 15th National Computer Security Conference, 1992.
5. D. F. Ferraiolo, D. R. Kuhn, and R. Chandramouli. Role- Based Access Control. Artech House, second edition, 2007.
6. O. Garcia-Morchon and K. Wehrle. Efficient and context-aware access control for pervasive medical sensor networks. In IEEE Int. Conf. on Pervasive Computing and Communications Workshops, pages 322 -327, April 2010.
7. B. Hicks, S. Rueda, D. King, T. Moyer, J. Schiffman, Y. Sreenivasan, P. McDaniel, and T. Jaeger. An architecture for enforcing end-to-end access control over web applications. In 15th ACM SACMAT, pages 163-172, 2010.
8. V. Koufi, F. Malamateniou, and G. Vassilacopoulos. A Mediation Framework for the Implementation of Context- Aware Access Control in Pervasive Grid-Based Healthcare Systems. In 4th Int. Conf. on Advances in Grid and Pervasive Computing, pages 281-292, 2009.
9. D. Kulkarni and A. Tripathi. Context-aware role-based access control in pervasive computing systems. In 13th ACM SACMAT, pages 113-122, 2008.
10. N. Li, Q. Wang, W. Qardaji, E. Bertino, P. Rao, J. Lobo, and D. Lin. Access control policy combining: theory meets practice. In 14th ACM SACMAT, pages 135-144, 2009.
11. D. Lin, P. Rao, E. Bertino, N. Li, and J. Lobo. Policy decomposition for collaborative access control. In 13th ACM SACMAT, pages 103-112, 2008.
12. P. Mazzoleni, B. Crispo, S. Sivasubramanian, and E. Bertino. XACML Policy Integration Algorithms. ACM Transactions on Information System Security, 11:4:1-4:29, February 2008.
13. M. Memon, M. Hafner, and R. Breu. SECTISSIMO: A Platform-independent Framework for Security Services. In Modeling Security Workshop at MODELS'08, 2008.
14. T. Mens and P. V. Gorp. A Taxonomy of Model Transformation. Electronic Notes in Theoretical Computer Science, 152:125-142, 2006.
15. M. Mernik, J. Heering, and A. Sloane. When and How to Develop Domain-Specific Languages. ACM Computing Surveys, 37(4):316-344, December 2005. (Pubitemid 43898543)
16. A. Mourad, S. Ayoubi, H. Yahyaoui, and H. Otrok. New approach for the dynamic enforcement of Web services security. In 8th Int. Conf. on Privacy Security and Trust, pages 189 -196, 2010.
17. B. Neuman and T. Ts'o. Kerberos: an authentication service for computer networks. Communications Magazine, IEEE, 32(9):33-38, Sept. 1994.
18. OASIS. eXtensible Access Control Markup Languagehttp://docs.oasis-open. org/xacml/2.0 2005.
19. OASIS. Metadata for the OASIS Security Assertion Markup Language (SAML). http://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf, 2005.
20. OASIS. Security Assertion Markup Language. http://docs.oasis-open.org/ security/saml/v2.0/saml-core-2.0-os.pdf March 2005.
21. OASIS. Web Services Security: SOAP Message Security 1.1. http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-os-SOAPMessageSecurity.pdf, 2006.
22. OASIS. Web Services Business Process Execution Language. http://docs.oasis-open.org/wsbpel/2.0/OS 2007.
23. F. Paci, E. Bertino, and J. Crampton. An Access-Control Framework for WS-BPEL. Int. J. f. Web Services Research, 5(3):20-43, 2008.
24. M. P. Papazoglou, P. Traverso, S. Dustdar, and F. Leymann. Service-Oriented Computing: State of the Art and Research Challenges. Computer, 40(11):38-45, 2007.
25. A. Pashalidis and C. J. Mitchell. A taxonomy of single sign-on systems. In 8th Australasian Conference on Information Security and Privacy, pages 249-264, 2003. (Pubitemid 36892639)
26. W. rong Jih, S. you Cheng, J. Y. jen Hsu, and T. ming Tsai. Context-aware access control in pervasive healthcare. In EEE Workshop: Mobility, Agents, and Mobile Services, 2005.
27. R. Sandhu, E. Coyne, H. Feinstein, and C. Youman. Rolebased access control models. Computer, 29(2):38 -47, 1996.
28. D. C. Schmidt. Model-Driven Engineering - Guest Editor's Introduction. Computer, 39(2), February 2006.
29. B. Selic. The Pragmatics of Model-Driven Development. IEEE Software, 20(5), 2003.
30. S. Sendall and W. Kozaczynski. Model Transformation: The Heart and Soul of Model-Driven Software Development. IEEE Software, 20(5), 2003.
31. H. Skogsrud, B. Benatallah, and F. Casati. Model-Driven Trust Negotiation for Web Services. IEEE Internet Computing, 7:45-52, November 2003.
32. D. Spinellis. Notable design patterns for domain-specific languages. J. of Systems and Software, 56(1):91-99, 2001. (Pubitemid 33649529)
33. T. Stahl and M. Völter. Model-Driven Software Development. John Wiley & Sons, 2006.
34. M. Strembeck. A Role Engineering Tool for Role-Based Access Control,. In 3rd Symposium on Requirements Engineering for Information Security, 2005.
35. M. Strembeck. Scenario-driven Role Engineering. IEEE Security & Privacy, 8(1), January/February 2010.
36. M. Strembeck and J. Mendling. Modeling Process-related RBAC Models with Extended UML Activity Models. Information and Software Technology, 53(5), May 2011.
37. M. Strembeck and G. Neumann. An Integrated Approach to Engineer and Enforce Context Constraints in RBAC Environments. ACM Trans. on Inf. and System Security, 7(3), 2004.
38. M. Strembeck and U. Zdun. An Approach for the Systematic Development of Domain-Specific Languages. Software: Practice and Experience (SP&E), 39(15), October 2009.
39. C. Wolter, M. Menzel, A. Schaad, P. Miseldine, and C. Meinel. Model-driven business process security requirement specification. J. Syst. Archit., 55:211-223, 2009.
40. World Wide Web Consortium (W3C). XML Signature Syntax and Processing. http://www.w3.org/TR/xmldsig-core/2008.
41. U. Zdun and M. Strembeck. Modeling Composition in Dynamic Programming Environments with Model Transformations. In 5th Int. Sym. on Software Composition, 2006.
42. U. Zdun and M. Strembeck. Reusable Architectural Decisions for DSL Design: Foundational Decisions in DSL Projects. In 14th European Conference on Pattern Languages of Programs (EuroPLoP), July 2009.