TRBAC: A temporal role-based access control model
ACM Transactions on Information and System Security (TISSEC)
SecureUML: A UML-Based Modeling Language for Model-Driven Security
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Security Engineering with Patterns: Origins, Theoretical Models, and New Applications
Security Engineering with Patterns: Origins, Theoretical Models, and New Applications
A Generalized Temporal Role-Based Access Control Model
IEEE Transactions on Knowledge and Data Engineering
Modelling Inter-organizational Workflow Security in a Peer-to-Peer Environment
ICWS '05 Proceedings of the IEEE International Conference on Web Services
Modeling permissions in a (U/X)ML world
ARES '06 Proceedings of the First International Conference on Availability, Reliability and Security
A flexible role-based delegation model using characteristics of permissions
DEXA'05 Proceedings of the 16th international conference on Database and Expert Systems Applications
Web service engineering – advancing a new software engineering discipline
ICWE'05 Proceedings of the 5th international conference on Web Engineering
Model driven security for inter-organizational workflows in e-government
TCGOV'05 Proceedings of the 2005 international conference on E-Government: towards Electronic Democracy
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Editorial: Model-Driven Development for secure information systems
Information and Software Technology
An integrated approach for identity and access management in a SOA context
Proceedings of the 16th ACM symposium on Access control models and technologies
Proceedings of the Workshop on Model-Driven Security
| Hi-index | 0.00 |
With respect to Service Oriented Architectures (SOA's) paradigm, the core Role Based Access Control (RBAC) has several limitations. In SOA, permissions to execute web services are not assigned statically to roles but are associated with a set of Permission Assignment Constraints (PAC) upon the fulfilment of which a role is assigned a permission to execute a web service. Further, the RBAC does not support partial inheritance which is an integral requirement in SOA. A major challenge in SOA is the inheritance of permissions associated with PAC in the presence of role hierarchies. This contribution has three objectives. First we propose an extension to Role Based Access Control [29], Constraint based RBAC (CRBAC), in order to make RBAC applicable into the dynamic environment of SOA. We then present SECTET-PL [31], a high-level language for the specification of PAC. Being part of the SECTET-framework for model-driven security for B2B-workflows, SECTET-PL is a policy language influenced by OCL [23] and interpreted in the context of UML models. Finally, using Model Driven Architecture (MDA) [18] paradigm, we describe the integration of business requirements and security requirements at the metalevel. The high-level security (CRBAC) models are transformed to low-level web services standard artefacts with the help of Eclipse Modelling Framework and OpenArchitectureWare.