Abstract
We present a novel approach for modeling restricted delegation of rights in a distributed environment based on web services. Our approach is based on SECTET-PL [5], a predicative language for modeling access rights based on the concept of Role Based Access Control (RBAC). SECTET-PL is part of the SECTET framework for model-driven security for B2B workflows. Our Rights Delegation Model combines the concept of roles from RBAC with the predicative specification of SECTET-PL. The Rights Delegation Models are translated into XACML Delegation Policies, which are interpreted by a security gateway.
References
Alam, M., Hafner, M., Breu, R.: Modeling Authorization in a SOA based Distributed Workflow. In: IASTED Software Engineering (2006) ISBN: 0-88986-572-8
Breu, R., Popp, G.: Actor-centric modeling of user rights. In: Wermelinger, M., Margaria-Steffen, T. (eds.) FASE 2004. LNCS, vol. 2984, pp. 165–179. Springer, Heidelberg (2004)
Alam, M., et al.: Model-Driven Privacy Management (submitted)
Alam, M., et al.: Model Driven Security for Web Services (MDS4WS). In: INMIC 2004 (2004), Digi. Obj. Id. 10.1109/INMIC.2004.1492930
Alam, M., et al.: Modeling Permissions in a (U/X)ML World. In: ARES 2006 (to appear, 2006)
Hafner, M., et al.: A Security Architecture For Inter-organizational Workflows-Putting WS Security Standards Together. In: ICEIS 2005 (2005), ISBN: 972-8865-19-8
Hafner, M., et al.: Modeling Inter-organizational Workflow Security in a Peer-to-Peer Environment. In: IEEE ICWS 2005 (2005), ISBN: 0-7695-2409-5
Breu, R., et al.: Model Based Development of Access Policies (submitted)
Breu, R., Hafner, M., Weber, B., Novak, A.: Model Driven Security for Inter-organizational Workflows in e-Government. In: Böhlen, M.H., Gamper, J., Polasek, W., Wimmer, M.A. (eds.) TCGOV 2005. LNCS, vol. 3416, pp. 122–133. Springer, Heidelberg (2005)
SECTETPL : A Predicative Language for the Specification of Access Rights, http://qe-informatik.uibk.ac.at/~muhammad/TechnicalReportSECTETPL.pdf
Yin, G., Wang, H.-m., Liu, T., Chen, M.-f., Shi, D.-x.: Trust Management with Safe Privilege Propagation. In: Cao, J., Nejdl, W., Xu, M. (eds.) APPT 2005. LNCS, vol. 3756, pp. 174–183. Springer, Heidelberg (2005)
Lee, H.-H., Lee, Y., Noh, B.-N.: A New Role-Based Delegation Model Using Sub-role Hierarchies. In: Yazıcı, A., Şener, C. (eds.) ISCIS 2003. LNCS, vol. 2869, pp. 811–818. Springer, Heidelberg (2003)
Wang, J., et al.: Extending the SAML to Support Delegation for Web Services and Grid Services. In: IEEE ICWS 2005 (2005), ISBN: 0-7695-2409-5
Stoupa, K., Vakali, A.I., Li, F., Tsoukalas, I.A.: XML-Based Revocation and Delegation in a Distributed Environment. In: Lindner, W., Mesiti, M., Türker, C., Tzitzikas, Y., Vakali, A.I. (eds.) EDBT 2004. LNCS, vol. 3268, pp. 299–308. Springer, Heidelberg (2004)
Li, N., Mitchell, J.: RT: A role-based trust-management framework (2003), citeseer.ist.psu.edu/li03rt.html
Blaze, M., et al.: The KeyNote Trust-Management System. RFC 2704 (September 1999)
Model Driven Architecture, http://www.omg.org/mda
OASIS Organization for the Advancement of Structured Information Standards, www.oasis-open.org
UML 2.0 OCL Specification, http://www.omg.org/docs/ptc/03-10-14.pdf
Breu, R., Breu, M., Hafner, M., Nowak, A.: Web service engineering – advancing a new software engineering discipline. In: Lowe, D.G., Gaedke, M. (eds.) ICWE 2005. LNCS, vol. 3579, pp. 8–18. Springer, Heidelberg (2005)
Kim, S., et al.: Workflow-based Authorization. Journal of Grid Computing (2004)
SAML 2.0 Specification, http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security
Shibboleth protocols and profiles (August 2005), http://shibboleth.internet2.edu/shib-intro.html
Jiang, W., Li, C., Hao, S., Dai, Y.-Q.: Using Trust for Restricted Delegation in Grid Environments. In: Deng, R.H., Bao, F., Pang, H., Zhou, J. (eds.) ISPEC 2005. LNCS, vol. 3439, pp. 293–301. Springer, Heidelberg (2005)
XACML 2.0 Specification Set, http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml
XACML v3.0 administration policy Working Draft (December 05, 2005), http://www.oasis-open.org/committees/documents.php?wg_abbrev=xacml
Yuan, E., Tong, J.: Attributed Based Access Control (ABAC) for Web Services. In: IEEE ICWS 2005 (2005) ISBN 0-7695-2409-5
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Alam, M., Hafner, M., Breu, R., Unterthiner, S. (2006). A Framework for Modeling Restricted Delegation in Service Oriented Architecture. In: Fischer-Hübner, S., Furnell, S., Lambrinoudakis, C. (eds) Trust and Privacy in Digital Business. TrustBus 2006. Lecture Notes in Computer Science, vol 4083. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11824633_15
DOI: https://doi.org/10.1007/11824633_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-37750-4
Online ISBN: 978-3-540-37752-8
eBook Packages: Computer Science (R0)