ABSTRACT
Title: Web Services Security Architectures Composition and Contract Design using RBAC
Authors: D.Shravani, Dr.P.Suresh Varma, Dr.B.Padmaja Rani, Dr.D.Sravan Kumar, M.Upendra Kumar
Keywords: Web Services, Security Architectures, Role-Based Access Control
Issue Date: November 2010
Abstract:
Authorization for Web Services in a Service Oriented Architecture is traditionally done using common access control models such as Role-Based Access Control (RBAC). In a composite application that stitches together the capabilities of multiple services, any action in the composite application should ideally check the access control rules of all constituent services before it is initiated. Web Services access controls are categorized according to access control granularity, and there are two approaches. The first approach supports negotiation-based, attribute-based access control to Web Services with fine access granularity. The second approach is tailored to access control for conversation-based Web Services and composite services, wherein a Web Service is not considered a set of independent operations and access control must therefore take such dependencies into account. During a Web Service invocation, a client interacts with the service by performing a sequence of operations in a particular order, called a conversation. In this paper, we propose strategies for analyzing and managing Role-Based Access Control policies for designing security architectures for Web Services. We validate role-based access control with a case study in which access decisions are based on the roles that individual users have as part of an organization. Users take on assigned roles. The process of defining roles should be based on a thorough analysis of how an organization operates and should include input from a wide spectrum of users in the organization. Access rights are grouped by role name, and the use of resources is restricted to individuals authorized to assume the associated role. For example, within a hospital system the role of doctor can include operations to perform diagnosis, prescribe medication, and order laboratory tests, and the role of researcher can be limited to gathering anonymous clinical information for studies. The use of roles to control access can be an effective means for developing and enforcing enterprise-specific security policies, and for streamlining the security management process. Under the RBAC framework, users are granted membership in roles based on their competencies and responsibilities in the organization. The operations that a user is permitted to perform are based on the user's role.
Page(s): 2609-2615
ISSN: 0975-3397
Source: Vol. 2, Issue 8