Expressive and Deployable Access Control in Open Web Service Applications
Traditional access control solutions, based on preliminary identification and authentication of the access requester, are not adequate for the context of open web service systems, where servers generally do not have prior knowledge of the requesters. The research community has acknowledged such a pa...
Published in: | IEEE transactions on services computing 2011-04, Vol.4 (2), p.96-109 |
---|---|
Main authors: | Ardagna, C A ; De Capitani di Vimercati, S ; Paraboschi, S ; Pedrini, E ; Samarati, P ; Verdicchio, M |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Order full text |
container_end_page | 109 |
---|---|
container_issue | 2 |
container_start_page | 96 |
container_title | IEEE transactions on services computing |
container_volume | 4 |
creator | Ardagna, C A ; De Capitani di Vimercati, S ; Paraboschi, S ; Pedrini, E ; Samarati, P ; Verdicchio, M |
description | Traditional access control solutions, based on preliminary identification and authentication of the access requester, are not adequate for the context of open web service systems, where servers generally do not have prior knowledge of the requesters. The research community has acknowledged such a paradigm shift and several investigations have been carried out for new approaches to regulate access control in open dynamic settings. Typically based on logic, such approaches, while appealing for their expressiveness, result not applicable in practice, where simplicity, efficiency, and consistency with consolidated technology are crucial. The eXtensible Access Control Markup Language (XACML) has established itself as the emerging technological solution for controlling access in an interoperable and flexible way. Although supporting the most common policy representation mechanisms and having acquired a significant spread in the research community and the industry, XACML still suffers from some limitations which impact its ability to support actual requirements of open web-based systems. In this paper, we provide a simple and effective formalization of novel concepts that have to be supported for enforcing the new access control paradigm needed in open scenarios, toward the aim of providing an expressive solution actually deployable with today's technology. We illustrate how the concepts of our model can be deployed in the XACML standard by exploiting its extension points for the definition of new functions, and introducing a dialog management framework to enable access control interactions between web service clients and servers. |
doi_str_mv | 10.1109/TSC.2010.29 |
format | Article |
fulltext | fulltext_linktorsrc |
identifier | ISSN: 1939-1374 |
ispartof | IEEE transactions on services computing, 2011-04, Vol.4 (2), p.96-109 |
issn | 1939-1374 1939-1374 2372-0204 |
language | eng |
recordid | cdi_ieee_primary_5467031 |
source | IEEE Electronic Library (IEL) |
subjects | Access control ; Authorization ; Cognition ; Communities ; Context ; credentials ; Credit cards ; Deployable access control ; Deployable structures ; Dynamics ; Mathematical models ; security policy communication ; Servers ; Spacecraft ; Spreads ; Web services ; XACML |
title | Expressive and Deployable Access Control in Open Web Service Applications |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-07T21%3A59%3A31IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Expressive%20and%20Deployable%20Access%20Control%20in%20Open%20Web%20Service%20Applications&rft.jtitle=IEEE%20transactions%20on%20services%20computing&rft.au=Ardagna,%20C%20A&rft.date=2011-04-01&rft.volume=4&rft.issue=2&rft.spage=96&rft.epage=109&rft.pages=96-109&rft.issn=1939-1374&rft.eissn=1939-1374&rft.coden=ITSCAD&rft_id=info:doi/10.1109/TSC.2010.29&rft_dat=%3Cproquest_RIE%3E2359941071%3C/proquest_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=868893975&rft_id=info:pmid/&rft_ieee_id=5467031&rfr_iscdi=true |