An integrated approach for identity and access management in a SOA context

Authors:
Waldemar Hummer;Patrick Gaubatz;Mark Strembeck;Uwe Zdun;Schahram Dustdar
Affiliations:
Vienna University of Technology, Vienna, Austria;University of Vienna, Vienna, Austria;Vienna University of Economics and Business (WU Vienna), Vienna, Austria;University of Vienna, Vienna, Austria;Vienna University of Technology, Vienna, Austria
Venue:
Proceedings of the 16th ACM symposium on Access control models and technologies
Year:
2011

Citing 27
Cited 6

Role-Based Access Control Models

Computer
Notable design patterns for domain-specific languages

Journal of Systems and Software
Model Transformation: The Heart and Soul of Model-Driven Software Development

IEEE Software
The Pragmatics of Model-Driven Development

IEEE Software
An integrated approach to engineer and enforce context constraints in RBAC environments

ACM Transactions on Information and System Security (TISSEC)
Model-Driven Trust Negotiation for Web Services

IEEE Internet Computing
AC-XML documents: improving the performance of a web access control module

Proceedings of the tenth ACM symposium on Access control models and technologies
Guest Editor's Introduction: Model-Driven Engineering

Computer
When and how to develop domain-specific languages

ACM Computing Surveys (CSUR)
Model driven security: From UML models to access control infrastructures

ACM Transactions on Software Engineering and Methodology (TOSEM)
Model-Driven Software Development: Technology, Engineering, Management

Model-Driven Software Development: Technology, Engineering, Management
Role-Based Access Control, Second Edition

Role-Based Access Control, Second Edition
Service-Oriented Computing: State of the Art and Research Challenges

Computer
XACML Policy Integration Algorithms

ACM Transactions on Information and System Security (TISSEC)
Policy decomposition for collaborative access control

Proceedings of the 13th ACM symposium on Access control models and technologies
Context-aware role-based access control in pervasive computing systems

Proceedings of the 13th ACM symposium on Access control models and technologies
A constraint based role based access control in the SECTET a model-driven approach

Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Model-driven business process security requirement specification

Journal of Systems Architecture: the EUROMICRO Journal
A Mediation Framework for the Implementation of Context-Aware Access Control in Pervasive Grid-Based Healthcare Systems

GPC '09 Proceedings of the 4th International Conference on Advances in Grid and Pervasive Computing
Access control policy combining: theory meets practice

Proceedings of the 14th ACM symposium on Access control models and technologies
An approach for the systematic development of domain-specific languages

Software—Practice & Experience
A Taxonomy of Model Transformation

Electronic Notes in Theoretical Computer Science (ENTCS)
Scenario-Driven Role Engineering

IEEE Security and Privacy
A taxonomy of single sign-on systems

ACISP'03 Proceedings of the 8th Australasian conference on Information security and privacy
An architecture for enforcing end-to-end access control over web applications

Proceedings of the 15th ACM symposium on Access control models and technologies
Modeling process-related RBAC models with extended UML activity models

Information and Software Technology
Modeling composition in dynamic programming environments with model transformations

SC'06 Proceedings of the 5th international conference on Software Composition

A novel aspect-oriented BPEL framework for the dynamic enforcement of web services security

International Journal of Web and Grid Services
Supporting entailment constraints in the context of collaborative web applications

Proceedings of the 28th Annual ACM Symposium on Applied Computing
New XACML-AspectBPEL approach for composite web services security

International Journal of Web and Grid Services
Supporting customized views for enforcing access control constraints in real-time collaborative web applications

ICWE'13 Proceedings of the 13th international conference on Web Engineering
Enforcement of entailment constraints in distributed service-based business processes

Information and Software Technology
A decision methodology for managing operational efficiency and information disclosure risk in healthcare processes

Decision Support Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we present an approach for identity and access management (IAM) in the context of (cross-organizational) service-oriented architectures (SOA). In particular, we defined a domain-specific language (DSL) for role-based access control (RBAC) that allows for the definition of IAM policies for SOAs. For the application in a SOA context, our DSL environment automatically produces WS-BPEL (Business Process Execution Language for Web services) specifications from the RBAC models defined in our DSL. We use the WS-BPEL extension mechanism to annotate parts of the process definition with directives concerning the IAM policies. At deployment time, the WS-BPEL process is instrumented with special activities which are executed at runtime to ensure its compliance to the IAM policies. The algorithm that produces extended WS-BPEL specifications from DSL models is described in detail. Thereby, policies defined via our DSL are automatically mapped to the implementation level of a SOA-based business process. This way, the DSL decouples domain experts' concerns from the technical details of IAM policy specification and enforcement. Our approach thus enables (non-technical) domain experts, such as physicians or hospital clerks, to participate in defining and maintaining IAM policies in a SOA context. Based on a prototype implementation we also discuss several performance aspects of our approach.