In this paper, we present an approach for identity and access management (IAM) in the context of (cross-organizational) service-oriented architectures (SOA). In particular, we defined a domain-specific language (DSL) for role-based access control (RBAC) that allows for the definition of IAM policies for SOAs. For the application in a SOA context, our DSL environment automatically produces WS-BPEL (Business Process Execution Language for Web services) specifications from the RBAC models defined in our DSL. We use the WS-BPEL extension mechanism to annotate parts of the process definition with directives concerning the IAM policies. At deployment time, the WS-BPEL process is instrumented with special activities which are executed at runtime to ensure its compliance with the IAM policies. The algorithm that produces extended WS-BPEL specifications from DSL models is described in detail. Thereby, policies defined via our DSL are automatically mapped to the implementation level of a SOA-based business process. This way, the DSL decouples domain experts' concerns from the technical details of IAM policy specification and enforcement. Our approach thus enables (non-technical) domain experts, such as physicians or hospital clerks, to participate in defining and maintaining IAM policies in a SOA context. Based on a prototype implementation, we also discuss several performance aspects of our approach.