
A Framework for Modeling Restricted Delegation in Service Oriented Architecture

  • Conference paper
Trust and Privacy in Digital Business (TrustBus 2006)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 4083)

Abstract

We present a novel approach for modeling restricted delegation of rights in a distributed environment built on web services. Our approach relies on SECTET-PL [5], a predicative language for modeling access rights that builds on the concept of Role Based Access Control (RBAC). SECTET-PL is part of the SECTET framework for model-driven security for B2B workflows. Our Rights Delegation Model combines the concept of roles from RBAC with the predicative specification of SECTET-PL. The Rights Delegation Models are translated into XACML Delegation Policies, which are interpreted by a security gateway.


References

  1. Alam, M., Hafner, M., Breu, R.: Modeling Authorization in a SOA based Distributed Workflow. In: IASTED Software Engineering (2006). ISBN 0-88986-572-8

  2. Breu, R., Popp, G.: Actor-centric modeling of user rights. In: Wermelinger, M., Margaria-Steffen, T. (eds.) FASE 2004. LNCS, vol. 2984, pp. 165–179. Springer, Heidelberg (2004)

  3. Alam, M., et al.: Model-Driven Privacy Management (submitted)

  4. Alam, M., et al.: Model Driven Security for Web Services (MDS4WS). In: INMIC 2004 (2004). DOI 10.1109/INMIC.2004.1492930

  5. Alam, M., et al.: Modeling Permissions in a (U/X)ML World. In: ARES 2006 (to appear, 2006)

  6. Hafner, M., et al.: A Security Architecture for Inter-organizational Workflows – Putting WS Security Standards Together. In: ICEIS 2005 (2005). ISBN 972-8865-19-8

  7. Hafner, M., et al.: Modeling Inter-organizational Workflow Security in a Peer-to-Peer Environment. In: IEEE ICWS 2005 (2005). ISBN 0-7695-2409-5

  8. Breu, R., et al.: Model Based Development of Access Policies (submitted)

  9. Breu, R., Hafner, M., Weber, B., Novak, A.: Model Driven Security for Inter-organizational Workflows in e-Government. In: Böhlen, M.H., Gamper, J., Polasek, W., Wimmer, M.A. (eds.) TCGOV 2005. LNCS, vol. 3416, pp. 122–133. Springer, Heidelberg (2005)

  10. SECTET-PL: A Predicative Language for the Specification of Access Rights, http://qe-informatik.uibk.ac.at/~muhammad/TechnicalReportSECTETPL.pdf

  11. Yin, G., Wang, H.-m., Liu, T., Chen, M.-f., Shi, D.-x.: Trust Management with Safe Privilege Propagation. In: Cao, J., Nejdl, W., Xu, M. (eds.) APPT 2005. LNCS, vol. 3756, pp. 174–183. Springer, Heidelberg (2005)

  12. Lee, H.-H., Lee, Y., Noh, B.-N.: A New Role-Based Delegation Model Using Sub-role Hierarchies. In: Yazıcı, A., Şener, C. (eds.) ISCIS 2003. LNCS, vol. 2869, pp. 811–818. Springer, Heidelberg (2003)

  13. Wang, J., et al.: Extending the SAML to Support Delegation for Web Services and Grid Services. In: IEEE ICWS 2005 (2005). ISBN 0-7695-2409-5

  14. Stoupa, K., Vakali, A.I., Li, F., Tsoukalas, I.A.: XML-Based Revocation and Delegation in a Distributed Environment. In: Lindner, W., Mesiti, M., Türker, C., Tzitzikas, Y., Vakali, A.I. (eds.) EDBT 2004. LNCS, vol. 3268, pp. 299–308. Springer, Heidelberg (2004)

  15. Li, N., Mitchell, J.: RT: A role-based trust-management framework (2003), citeseer.ist.psu.edu/li03rt.html

  16. Blaze, M., et al.: The KeyNote Trust-Management System. RFC 2704 (September 1999)

  17. Model Driven Architecture, http://www.omg.org/mda

  18. OASIS Organization for the Advancement of Structured Information Standards, www.oasis-open.org

  19. UML 2.0 OCL Specification, http://www.omg.org/docs/ptc/03-10-14.pdf

  20. Breu, R., Breu, M., Hafner, M., Nowak, A.: Web service engineering – advancing a new software engineering discipline. In: Lowe, D.G., Gaedke, M. (eds.) ICWE 2005. LNCS, vol. 3579, pp. 8–18. Springer, Heidelberg (2005)

  21. Kim, S., et al.: Workflow-based Authorization. Journal of Grid Computing (2004)

  22. SAML 2.0 Specification, http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security

  23. Shibboleth protocols and profiles (August 2005), http://shibboleth.internet2.edu/shib-intro.html

  24. Jiang, W., Li, C., Hao, S., Dai, Y.-Q.: Using Trust for Restricted Delegation in Grid Environments. In: Deng, R.H., Bao, F., Pang, H., Zhou, J. (eds.) ISPEC 2005. LNCS, vol. 3439, pp. 293–301. Springer, Heidelberg (2005)

  25. XACML 2.0 Specification Set, http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml

  26. XACML v3.0 administration policy Working Draft (December 05, 2005), http://www.oasis-open.org/committees/documents.php?wg_abbrev=xacml

  27. Yuan, E., Tong, J.: Attributed Based Access Control (ABAC) for Web Services. In: IEEE ICWS 2005 (2005). ISBN 0-7695-2409-5


Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Alam, M., Hafner, M., Breu, R., Unterthiner, S. (2006). A Framework for Modeling Restricted Delegation in Service Oriented Architecture. In: Fischer-Hübner, S., Furnell, S., Lambrinoudakis, C. (eds) Trust and Privacy in Digital Business. TrustBus 2006. Lecture Notes in Computer Science, vol 4083. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11824633_15


  • DOI: https://doi.org/10.1007/11824633_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-37750-4

  • Online ISBN: 978-3-540-37752-8
