A Framework for Modeling Restricted Delegation in Service Oriented Architecture

  • Muhammad Alam
  • Michael Hafner
  • Ruth Breu
  • Stefan Unterthiner
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4083)


We present a novel approach for modeling restricted delegation of rights in a distributed environment based on web services. Our approach is based on SECTET-PL [5], a predicative language for modeling access rights based on the concept of Role Based Access Control (RBAC). SECTET-PL is part of the SECTET framework for model-driven security for B2B workflows. Our Rights Delegation Model combines the concept of roles from RBAC with the predicative specification of SECTET-PL. The Rights Delegation Models are translated into XACML Delegation Policies, which are interpreted by a security gateway.
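The abstract describes delegation models that combine RBAC roles with predicative constraints and are enforced by a gateway that evaluates the resulting delegation policies. The following Python evaluator is an added illustration of those ideas and is not SECTET-PL, the SECTET tooling, or the authors' XACML translation: roles, permissions, users, the hospital-ward scenario and the ward/shift request context are all constructed sample data. It shows the two properties a restricted delegation scheme has to enforce: a delegated right counts only if the delegator holds it under the same request context and is allowed to pass it on (no amplification, no re-delegation unless granted), and constraints accumulate along a delegation chain.

```python
"""Restricted-delegation evaluator: an added illustration, not SECTET-PL,
the SECTET tooling or the paper's XACML translation. Roles, users, permissions
and the ward/shift request context are constructed sample data (assumptions)."""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Set

# A predicate over the request context stands in for a SECTET-PL-style constraint.
Predicate = Callable[[dict], bool]


@dataclass(frozen=True)
class Permission:
    action: str
    resource: str


@dataclass(frozen=True)
class Delegation:
    delegator: str
    delegatee: str
    rights: FrozenSet[Permission]   # the subset of rights being handed over
    constraint: Predicate           # restriction on when the delegated rights apply
    redelegable: bool = False       # may the delegatee pass these rights on?


class RightsModel:
    """RBAC assignments plus delegation statements. Every decision is reduced to
    the role assignments: a delegated right counts only if the delegator holds it
    under the same request context and may pass it on, so delegation can narrow
    rights but never amplify them."""

    def __init__(self, role_permissions: Dict[str, Set[Permission]],
                 user_roles: Dict[str, Set[str]]) -> None:
        self.role_permissions = role_permissions
        self.user_roles = user_roles
        self.delegations: List[Delegation] = []

    def delegate(self, d: Delegation) -> None:
        # Structural checks only; whether the delegator really holds the rights is
        # decided at request time, because the constraints need the request context.
        if d.delegator == d.delegatee or not d.rights:
            raise ValueError("malformed delegation")
        self.delegations.append(d)

    def direct_rights(self, user: str) -> Set[Permission]:
        return {p for role in self.user_roles.get(user, set())
                for p in self.role_permissions.get(role, set())}

    def _holdings(self, user: str, ctx: dict, visited: FrozenSet[str]) -> Dict[Permission, bool]:
        """Rights `user` holds under `ctx`, mapped to whether they may be delegated on."""
        # Rights from role membership are the root of trust and are delegable (assumption).
        holdings = {p: True for p in self.direct_rights(user)}
        for d in self.delegations:
            if d.delegatee != user or d.delegator in visited:  # visited guard breaks cycles
                continue
            if not d.constraint(ctx):                           # restriction not met
                continue
            upstream = self._holdings(d.delegator, ctx, visited | {d.delegator})
            for p in d.rights:
                if upstream.get(p, False):   # delegator holds p and may pass it on
                    holdings[p] = holdings.get(p, False) or d.redelegable
        return holdings

    def is_permitted(self, user: str, perm: Permission, ctx: dict) -> bool:
        """The check a policy gateway would make for one request."""
        return perm in self._holdings(user, ctx, frozenset({user}))


READ_REC = Permission("read", "patient_record")
WRITE_REC = Permission("write", "patient_record")
ORDER_LAB = Permission("order", "lab_test")


def build_demo() -> RightsModel:
    """Constructed scenario: a physician delegating to a nurse and two temps."""
    m = RightsModel(
        role_permissions={"physician": {READ_REC, WRITE_REC, ORDER_LAB}, "nurse": {READ_REC}},
        user_roles={"alice": {"physician"}, "bob": {"nurse"}, "carol": set(), "dave": set()},
    )
    in_icu = lambda ctx: ctx.get("ward") == "ICU"
    # Alice lets Bob order lab tests, only in the ICU, and not onward.
    m.delegate(Delegation("alice", "bob", frozenset({ORDER_LAB}), in_icu))
    # Bob tries to pass on the ordering right (not re-delegable) and a write right he never held.
    m.delegate(Delegation("bob", "carol", frozenset({ORDER_LAB, WRITE_REC}), lambda ctx: True))
    # Alice lets Dave read records in the ICU and re-delegate that right.
    m.delegate(Delegation("alice", "dave", frozenset({READ_REC}), in_icu, redelegable=True))
    # Dave passes read access to Carol for the day shift: both constraints now apply.
    m.delegate(Delegation("dave", "carol", frozenset({READ_REC}), lambda ctx: ctx.get("shift") == "day"))
    # A delegation back up the chain; the cycle guard keeps it from granting anything new.
    m.delegate(Delegation("carol", "dave", frozenset({READ_REC}), lambda ctx: True, redelegable=True))
    return m


if __name__ == "__main__":
    m = build_demo()
    print(m.is_permitted("bob", ORDER_LAB, {"ward": "ICU"}))                      # True
    print(m.is_permitted("carol", READ_REC, {"ward": "ER", "shift": "day"}))     # False
```

The evaluator deliberately re-derives the delegator's holdings for every request instead of trusting a delegation statement at face value; that is the same reduction step an XACML-style delegation scheme performs when it asks whether the issuer of a policy was itself authorised to issue it. Revocation is then trivial: removing a delegation, or a role assignment at the root, invalidates every chain built on it.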


Keywords: Policy Language, Trust Management, Access Policy, Role-Based Access Control, Trust Negotiation




  1. Alam, M., Hafner, M., Breu, R.: Modeling Authorization in a SOA based Distributed Workflow. In: IASTED Software Engineering (2006), ISBN 0-88986-572-8
  2. Breu, R., Popp, G.: Actor-centric modeling of user rights. In: Wermelinger, M., Margaria-Steffen, T. (eds.) FASE 2004. LNCS, vol. 2984, pp. 165–179. Springer, Heidelberg (2004)
  3. Alam, M., et al.: Model-Driven Privacy Management (submitted)
  4. Alam, M., et al.: Model Driven Security for Web Services (MDS4WS). In: INMIC 2004 (2004), doi:10.1109/INMIC.2004.1492930
  5. Alam, M., et al.: Modeling Permissions in a (U/X)ML World. In: ARES 2006 (to appear, 2006)
  6. Hafner, M., et al.: A Security Architecture for Inter-organizational Workflows: Putting WS Security Standards Together. In: ICEIS 2005 (2005), ISBN 972-8865-19-8
  7. Hafner, M., et al.: Modeling Inter-organizational Workflow Security in a Peer-to-Peer Environment. In: IEEE ICWS 2005 (2005), ISBN 0-7695-2409-5
  8. Breu, R., et al.: Model Based Development of Access Policies (submitted)
  9. Breu, R., Hafner, M., Weber, B., Novak, A.: Model Driven Security for Inter-organizational Workflows in e-Government. In: Böhlen, M.H., Gamper, J., Polasek, W., Wimmer, M.A. (eds.) TCGOV 2005. LNCS, vol. 3416, pp. 122–133. Springer, Heidelberg (2005)
  10. SECTET-PL: A Predicative Language for the Specification of Access Rights
  11. Yin, G., Wang, H.-m., Liu, T., Chen, M.-f., Shi, D.-x.: Trust Management with Safe Privilege Propagation. In: Cao, J., Nejdl, W., Xu, M. (eds.) APPT 2005. LNCS, vol. 3756, pp. 174–183. Springer, Heidelberg (2005)
  12. Lee, H.-H., Lee, Y., Noh, B.-N.: A New Role-Based Delegation Model Using Sub-role Hierarchies. In: Yazıcı, A., Şener, C. (eds.) ISCIS 2003. LNCS, vol. 2869, pp. 811–818. Springer, Heidelberg (2003)
  13. Wang, J., et al.: Extending the SAML to Support Delegation for Web Services and Grid Services. In: IEEE ICWS 2005 (2005), ISBN 0-7695-2409-5
  14. Stoupa, K., Vakali, A.I., Li, F., Tsoukalas, I.A.: XML-Based Revocation and Delegation in a Distributed Environment. In: Lindner, W., Mesiti, M., Türker, C., Tzitzikas, Y., Vakali, A.I. (eds.) EDBT 2004. LNCS, vol. 3268, pp. 299–308. Springer, Heidelberg (2004)
  15. Li, N., Mitchell, J.: RT: A role-based trust-management framework (2003)
  16. Blaze, M., et al.: The KeyNote Trust-Management System. RFC 2704 (September 1999)
  17. Model Driven Architecture
  18. OASIS, Organization for the Advancement of Structured Information Standards
  19. UML 2.0 OCL Specification
  20. Breu, R., Breu, M., Hafner, M., Nowak, A.: Web service engineering – advancing a new software engineering discipline. In: Lowe, D.G., Gaedke, M. (eds.) ICWE 2005. LNCS, vol. 3579, pp. 8–18. Springer, Heidelberg (2005)
  21. Kim, S., et al.: Workflow-based Authorization. Journal of Grid Computing (2004)
  22.
  23. Shibboleth protocols and profiles (August 2005)
  24. Jiang, W., Li, C., Hao, S., Dai, Y.-Q.: Using Trust for Restricted Delegation in Grid Environments. In: Deng, R.H., Bao, F., Pang, H., Zhou, J. (eds.) ISPEC 2005. LNCS, vol. 3439, pp. 293–301. Springer, Heidelberg (2005)
  25.
  26. XACML v3.0 administration policy, Working Draft (December 05, 2005)
  27. Yuan, E., Tong, J.: Attributed Based Access Control (ABAC) for Web Services. In: IEEE ICWS 2005 (2005), ISBN 0-7695-2409-5

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Muhammad Alam (1)
  • Michael Hafner (1)
  • Ruth Breu (1)
  • Stefan Unterthiner (1)

  1. Quality Engineering, University of Innsbruck, Innsbruck, Tirol, Austria