Research of Access Control Policy Based on Context and Role for Web Service
The interacting entities in web service usually cant be predetermined and may be in different security domains. To address the access authorization for unknown users across domain borders, access control of web service should be performed based on the domain-independent access control information but not the identities. In this paper, a context and role based access control policy model is proposed that can be appropriate for web service environment The model is centered around the contests to define and perform access control policies. It first bases the context of users to execute dynamic roles assignment, and then uses the contexts of environment and resource to constrain the authorization decision. We use Description Logic language to formalize the policy model. A series of access control policy axioms are defined and the Access Control Policy Knowledge Base is proposed that has the capacity of reasoning about the policies. Finally, the enforcement effect of access control policy is verified in Racer reasoning system, and the experiment result shows the feasibility and validity of the presented method.
web service access control context role Description Logic policy axiom
Zhengqiu He Lifa Wu Haisu Zhang Chenghui Zheng Xiaoguang Zeng
Institute of Command Automation, PLAUST Nanjing, China
国际会议
西安
英文
457-462
2010-08-07(万方平台首次上网日期,不代表论文的发表时间)