Abstract
In today's IT convergence environment, Service Oriented Architecture has particular significance, and the RBAC model offers a variety of advantages in protecting the security of services. When a network grows to a certain scale, it must be divided into multiple domains for convenient management. However, research on how the RBAC model can be applied in a multi-domain environment is still lacking, and feasible implementation architectures for individual and composite services are also weak. In this paper, we propose a domain model and a domain-based RBAC model that can better adapt to multi-domain security requirements. Based on this model, we design feasible and efficient access control architectures for individual services and for different types of composite services, respectively. The evaluation cases show that the proposed model and implementation architectures achieve the desired effects and that their performance is promising.
Acknowledgements
Our sincere thanks for financial support from The China 863 Research and Development Project Foundation award 2008AA01A323. We thank the experts and other anonymous reviewers for their helpful comments.
Cite this article
Yang, Z., Wang, Jx., Yang, L. et al. The RBAC model and implementation architecture in multi-domain environment. Electron Commer Res 13, 273–289 (2013). https://doi.org/10.1007/s10660-013-9123-2
DOI: https://doi.org/10.1007/s10660-013-9123-2