Abstract
The popularity of REST keeps growing, and with it the need for fine-grained access control for RESTful services. Attribute Based Access Control (ABAC) is a very generic concept that generalizes several different access control mechanisms. XACML is an XML-based implementation of ABAC and is established as a standard solution. Its flexibility makes it possible to specify detailed security policies, but it also has drawbacks regarding maintenance and performance as the complexity of the security policies grows. In environments that require fine-grained access control, the consequence is long processing times for authorization requests. We describe how to design a security policy in a resource-oriented environment so that these drawbacks are minimized. The results are faster processing times for access requests and a guideline for structuring security policies for RESTful services that eases their maintenance.
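The abstract states that the cost of evaluating an XACML policy grows with the number of rules, and that structuring policies around resources keeps request processing fast. The following is an added illustration, not code from the paper or from any XACML engine: it models rules with XACML-style targets (resource, action, subject attributes) and compares a flat rule list, where every rule target is tested until one applies, with a policy set that first dispatches on the top-level resource of the request URI. The dispatch-by-resource scheme, the rule set and the requests are constructed assumptions for the example and are not the authors' guideline; what the example shows is that the resource-indexed variant reaches the same decision while examining far fewer rule targets, which is the kind of effect the abstract describes.

```python
"""Constructed illustration: flat XACML-style rule list vs. a resource-indexed
policy set. Both use first-applicable combining and return the same decisions;
the difference is how many rule targets have to be evaluated per request."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Request:
    role: str       # subject attribute (e.g. "customer")
    method: str     # action attribute: the HTTP method
    resource: str   # resource attribute: the URI path


@dataclass(frozen=True)
class Rule:
    resource_prefix: str  # target: URI prefix such as "/orders"
    method: str           # target: HTTP method, or "*" for any method
    role: str             # target: subject role, or "*" for any role
    effect: str           # "Permit" or "Deny"


def path_matches(prefix: str, path: str) -> bool:
    """Segment-aware prefix match: "/orders" covers "/orders/42" but not "/ordersx"."""
    return path == prefix or path.startswith(prefix.rstrip("/") + "/")


def rule_matches(rule: Rule, req: Request) -> bool:
    """Evaluate the rule target against the request attributes."""
    return (path_matches(rule.resource_prefix, req.resource)
            and rule.method in ("*", req.method)
            and rule.role in ("*", req.role))


def evaluate_flat(rules: List[Rule], req: Request) -> Tuple[str, int]:
    """One flat policy: rule targets are tested in order until the first applies.
    Returns (decision, number of rule targets examined)."""
    examined = 0
    for rule in rules:
        examined += 1
        if rule_matches(rule, req):
            return rule.effect, examined
    return "NotApplicable", examined


def first_segment(path: str) -> str:
    """Top-level resource of a URI path: "/orders/42" -> "orders".
    Rule prefixes are assumed to have at least one path segment."""
    return path.strip("/").split("/", 1)[0]


def build_resource_index(rules: List[Rule]) -> Dict[str, List[Rule]]:
    """Group rules into one policy per top-level resource. Rules keep their
    original relative order, so first-applicable semantics are preserved."""
    index: Dict[str, List[Rule]] = {}
    for rule in rules:
        index.setdefault(first_segment(rule.resource_prefix), []).append(rule)
    return index


def evaluate_indexed(index: Dict[str, List[Rule]], req: Request) -> Tuple[str, int]:
    """Policy set with a resource target: dispatch on the request's top-level
    resource first, then test only the rules of that policy."""
    examined = 0
    for rule in index.get(first_segment(req.resource), []):
        examined += 1
        if rule_matches(rule, req):
            return rule.effect, examined
    return "NotApplicable", examined


# Constructed sample policy for a small order-management API (not from the paper).
RULES = [
    Rule("/admin", "*", "admin", "Permit"),
    Rule("/orders", "GET", "customer", "Permit"),
    Rule("/orders", "POST", "customer", "Permit"),
    Rule("/orders", "DELETE", "customer", "Deny"),
    Rule("/orders", "*", "clerk", "Permit"),
    Rule("/products", "GET", "*", "Permit"),
    Rule("/products", "*", "clerk", "Permit"),
    Rule("/reports", "GET", "manager", "Permit"),
]
INDEX = build_resource_index(RULES)

if __name__ == "__main__":
    # Constructed requests; a deny-by-default PEP would treat NotApplicable as Deny.
    for req in (Request("manager", "GET", "/reports/q1"),
                Request("customer", "DELETE", "/orders/42"),
                Request("customer", "PUT", "/reports/x"),
                Request("guest", "GET", "/products/7")):
        flat = evaluate_flat(RULES, req)
        indexed = evaluate_indexed(INDEX, req)
        assert flat[0] == indexed[0]
        print(f"{req.role:9} {req.method:6} {req.resource:13} "
              f"flat={flat[0]}/{flat[1]} rules  indexed={indexed[0]}/{indexed[1]} rules")
```

Running the script prints, for each request, the decision and how many rule targets each variant evaluated; the manager's report request, for instance, needs all eight target evaluations in the flat policy but one in the resource-indexed policy set. A real XACML deployment expresses the same idea with a Target on each PolicySet so that the PDP skips whole policies whose resource target does not match, and the counts here stand in for the per-rule evaluation cost that the abstract says dominates processing time.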
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Hüffmeyer, M., Schreier, U. (2016). Designing Efficient XACML Policies for RESTful Services. In: Hildebrandt, T., Ravara, A., van der Werf, J., Weidlich, M. (eds) Web Services, Formal Methods, and Behavioral Types. WS-FM 2014, WS-FM 2015. Lecture Notes in Computer Science, vol 9421. Springer, Cham. https://doi.org/10.1007/978-3-319-33612-1_6
DOI: https://doi.org/10.1007/978-3-319-33612-1_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-33611-4
Online ISBN: 978-3-319-33612-1