Securing Workflows with XACML, RDF and BPEL

Authors:
Vijayant Dhankhar;Saket Kaushik;Duminda Wijesekera
Affiliations:
Department of Computer Science, George Mason University, Fairfax, USA VA 22030;Oracle Corporation, Redwood City, USA CA 94065;Department of Computer Science, George Mason University, Fairfax, USA VA 22030
Venue:
Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Year:
2008

Citing 11
Cited 1

A flexible model supporting the specification and enforcement of role-based authorization in workflow management systems

RBAC '97 Proceedings of the second ACM workshop on Role-based access control
The NIST model for role-based access control: towards a unified standard

RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
A semantic-based execution model for multilevel secure workflows

Journal of Computer Security
The design and implementation of the redland RDF application framework

Proceedings of the 10th international conference on World Wide Web
Flexible support for multiple access control policies

ACM Transactions on Database Systems (TODS)
Three Implementations of SquishQL, a Simple RDF Query Language

ISWC '02 Proceedings of the First International Semantic Web Conference on The Semantic Web
A logical specification for usage control

Proceedings of the ninth ACM symposium on Access control models and technologies
Access Control and Authorization Constraints for WS-BPEL

ICWS '06 Proceedings of the IEEE International Conference on Web Services
Evaluating distributed xacml policies

Proceedings of the 2007 ACM workshop on Secure web services
An Algebra for Composing Ontologies

Proceedings of the 2006 conference on Formal Ontology in Information Systems: Proceedings of the Fourth International Conference (FOIS 2006)
XACML policies for exclusive resource usage

Proceedings of the 21st annual IFIP WG 11.3 working conference on Data and applications security

Secure federation of semantic information services

Decision Support Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

The XACML is the access controller of the World Wide Web (WWW). The current reference implementation has a single policy decision point and a policy enforcement point. If XACML policies are used to control workflow among cooperating web services, such as those envisioned in more contemporary languages like (BPEL), it requires coordination to be policy compliant. We propose the necessary enhancements required to do so by passing contextual informationthat are needed for the requester to evaluate an access control decision as opposed to the standard four decision values of permit, deny, indeterminate to make a decisionand an unforeseeable error occurred during evaluation. Proposed contextual information is sufficient to coordinate and if necessary synchronize among coordinating policy enforcement points distributed among the WWW. We show how the contextual information can be constructed and verified using the Resource Description Framework (RDF) and the coordination implemented using BPEL.