Abstract
Enhancing the service-oriented architecture paradigm with semantic components is a new field of research and goal of many ongoing projects. The results lead to more powerful web applications with less development effort and better user support. While some of these advantages are without doubt novel, challenges and opportunities for the security arise. In this paper we introduce a security architecture built in a semantic service-oriented architecture. Focusing on an attributebased access control approach, we present an access control model that facilitates semantic attribute matching and ontology mapping. Furthermore, our security architecture is capable of distributing the Policy Decision Point (PDP) from the service provider to different locations in the platform, eliminating the need of disclosing privacy-sensitive user attributes to the service provider. With respect to privacy preferences of the user and trust settings of the service provider, our approach allows for dynamically selecting a PDP. With more advanced trusted computing technology in the future it is possible to place the PDP on user side, reaching a maximum level of privacy.
Please use the following formal when citing this chapter: Kolter, j., Schillinger, R., and Pernul, G.. 2007, in 1FIP International Federation for Information Processing, Volume 232, New Approaches for Security, Privacy and Trust in Complex Environments, eds. Venter, H., Eloff, M-, Labuschagne, L., Eloff, J., von Solms, R., (Boston: Springer), pp. 397–408.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
MacKenzie, C. M. and Laskey, K. and McCabe, F. and Brown, P. F. and Metz, R. Reference Model for Service Oriented Architecture 1.0. OASIS Standard, October 2006.
J. Lopez, R. Oppliger, and G. Pernul. Authentication and Authorization Infrastructures (AAIs): A Comparative Survey. Computers & Security, 23(7):578–590, 2004.
R. Sandhu and P. Samarati. Access Control: Principle and Practice. Communications Magazine, IEEE, 32(9):40–48, 1994.
E.B. Fernandez and G. Pernul. Patterns for Session-Based Access Control. In Proc. of the Pattern Languages of Programming conference (PLoP’ 06), October 2006.
C.J. McCollum, J.R. Messing, and L. Notargiacomo. Beyond the Pale of MAC and DAC — Defining New Forms of Access Control. In IEEE Symposium on Security and Privacy, pages 190–200, 1990.
ITU-T Recommendation. X.509: The Directory — Public Key and Attribute Certificate Frameworks, March 2000.
S. Farrell and R. Housley. RFC3281: An Internet Attribute Certificate Profile for Authorization. Internet RFCs, 2002.
W. Johnston, S. Mudumbai, and M. Thompson. Authorization and Attribute Certificates for Widely Distributed Access Control. In Proc. of the 7th Workshop on Enabling Technologies (WETICE’ 98), pages 340–345, Washington, DC, United States, 1998. IEEE Computer Society.
J.S. Park and R. Sandhu. Smart Certificates: Extending X.509 for Secure Attribute Services on the Web. In Proceedings of the 22nd National Information Systems Security Conference (NISSC), October 1999.
D. Chadwick, A. Otenko, and E. Ball. Role-based Access Control with X.509 Attribute Certificates. IEEE Internet Computing, 7(2):62–69, 2003.
N.R. Adam, V. Atluri, E. Bertino, and E. Ferrari. A Content-based Authorization Model for Digital Libraries. IEEE Transactions on Knowledge and Data Engineering, 14(2):296–315, 2002.
T. Moses, extensible Access Control Markup Language (XACML) Version 2.0. OASIS Standard, February 2005.
T. Priebe, W. Dobmeier, and N. Kamprath. Supporting Attribute-based Access Control with Ontologies. In Proc. of the 1st International Conference on Availability, Reliability and Security (ARES’ 06), pages 465–472, Los Alamitos, CA, United States, 2006. IEEE Computer Society.
R. Baeza-Yates and B. Ribeiro-Neto. Modern Information Retrieval. Addison-Wesley Longman Publishing Co., Inc., Boston, MA, United States, 1999.
T. Berners-Lee, J. Hendler, and O. Lassila. The Semantic Web. Scientific American, May 2001.
P. Bednar, S. Diirbeck, J. Hreno, M. Mach, R. Lukasz, and R. Schillinger. AccesseGov Platform Architecture. Access-eGov deliverable D3.1, October 2006.
R. Klischewski, S. Ukena, and D. Wozniak. User Requirements Analysis & Development/Test Recommendation. Access-eGov deliverable D2.2, July 2006.
T. Priebe, W. Dobmeier, B. Muschall, and G. Pernul. ABAC — Ein Referenzmodell für attributbasierte Zugriffskontrolle. In Proc. of the 2nd Jahrestagung Fachbereich Sicherheit der Gesellschaft für Informatik (Sicherheit’ 05), pages 285–296, 2005.
L. Cranor, M. Langheinrich, and M. Marchiori. A P3P Preference Exchange Language 1.0 (APPEL 1.0). World Wide Web Consortium Working Draft, April 2002.
B. Balacheff, L. Chen, S. Pearson, D. Plaquin, and G. Proudler. Trusted Computing Platforms: TCPA Technology in Context. Prentice Hall PTR, Upper Saddle River, NJ, United States, 2002.
T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, and D. Boneh. Terra: A Virtual Machine-based Platform for Trusted Computing. In Proc. of the nineteenth ACM symposium on Operating systems principles (SOSP’ 03), pages 193–206, New York, NY, United States, 2003. ACM Press.
R. Sandhu and X. Zhang. Peer-to-Peer Access Control Architecture Using Trusted Computing Technology. In Proc. of the tenth ACM symposium on Access control models and technologies, pages 147–158, New York, NY, United States, 2005. ACM Press.
J.A. Montenegro and F. Moya. A Practical Approach of X.509 Attribute Certificate Framework as Support to Obtain Privilege Delegation. In Proc. of the 1st European PKI Workshop (EuroPKI’ 04), pages 160–172. Lecture Notes in Computer Science (LNCS), 2004.
John Hughes, Eve Maler, and Rob Philpott. Technical Overview of the OASIS Security Assertion Markup Language (SAML), Version 1.1, May 2004.
D. Roman, H. Lausen, and U. Keller. Web Service Modeling Ontology (WSMO). WSMO deliverable D2vl.3, October 2006.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2007 International Federation for Information Processing
About this paper
Cite this paper
Kolter, J., Schillinger, R., Pernul, G. (2007). Building a Distributed Semantic-aware Security Architecture. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R. (eds) New Approaches for Security, Privacy and Trust in Complex Environments. SEC 2007. IFIP International Federation for Information Processing, vol 232. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-72367-9_34
Download citation
DOI: https://doi.org/10.1007/978-0-387-72367-9_34
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-72366-2
Online ISBN: 978-0-387-72367-9
eBook Packages: Computer ScienceComputer Science (R0)