Abstract
XACML is the access controller of the World Wide Web (WWW). The current reference implementation has a single policy decision point and a single policy enforcement point. If XACML policies are used to control workflow among cooperating web services, such as those envisioned in more contemporary languages like BPEL, the cooperating services must coordinate in order to remain policy compliant. We propose the enhancements necessary to do so: the contextual information that the requester needs in order to evaluate an access control decision is passed along, as opposed to only one of the standard four decision values (permit, deny, indeterminate, meaning that no decision could be made, and an unforeseeable error having occurred during evaluation). The proposed contextual information is sufficient to coordinate and, if necessary, synchronize among coordinating policy enforcement points distributed across the WWW. We show how the contextual information can be constructed and verified using the Resource Description Framework (RDF) and how the coordination can be implemented using BPEL.
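The abstract only states the idea: a policy decision point (PDP) returns, besides one of the four XACML decision values, the context a policy enforcement point (PEP) needs in order to coordinate with other PEPs in a workflow. The toy model below is an added illustration of that idea and is not the paper's code; the policy table, the RDF-style predicates `wf:requires` and `wf:completedAt`, and the function names are assumptions made for this example. It shows why a bare `Indeterminate` is not enough for coordination: with the context triples, a PEP knows exactly which prerequisite step it must wait for before enforcing.

```python
"""Toy model of a decision context for coordinating XACML PEPs across a workflow.

Constructed illustration, not the paper's implementation.  Workflow state is
modelled as a shared set of RDF-style triples (subject, predicate, object).
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Set, Tuple


class Decision(Enum):
    """The four standard XACML decision values."""
    PERMIT = "Permit"
    DENY = "Deny"
    NOT_APPLICABLE = "NotApplicable"
    INDETERMINATE = "Indeterminate"


# An RDF-style triple.  The predicates wf:requires and wf:completedAt are a
# hypothetical vocabulary chosen for this example.
Triple = Tuple[str, str, str]


@dataclass
class ContextualDecision:
    """A standard decision plus the context the PEP needs to coordinate."""
    decision: Decision
    context: Set[Triple] = field(default_factory=set)


# Constructed policy: (role, step) -> (prerequisite steps, decision).
# A step may be enforced only after its prerequisites were enforced at some PEP.
POLICY: Dict[Tuple[str, str], Tuple[List[str], Decision]] = {
    ("clerk", "review_invoice"): ([], Decision.PERMIT),
    ("manager", "approve_payment"): (["review_invoice"], Decision.PERMIT),
    ("clerk", "approve_payment"): ([], Decision.DENY),
}


def pdp_evaluate(role: str, step: str) -> ContextualDecision:
    """PDP: return the decision together with the ordering constraints as triples."""
    rule = POLICY.get((role, step))
    if rule is None:
        return ContextualDecision(Decision.NOT_APPLICABLE)
    prereqs, decision = rule
    context = {(step, "wf:requires", p) for p in prereqs}
    return ContextualDecision(decision, context)


def pep_enforce(role: str, step: str, pep_id: str,
                shared_state: Set[Triple]) -> Tuple[Decision, List[str]]:
    """PEP: enforce a decision against the workflow state shared among PEPs.

    Returns the effective decision and the list of prerequisite steps that are
    still missing.  A Permit is recorded in the shared state as
    (step, wf:completedAt, pep_id) so that other PEPs can synchronize on it.
    """
    cd = pdp_evaluate(role, step)
    if cd.decision is not Decision.PERMIT:
        return cd.decision, []
    completed = {s for (s, p, _) in shared_state if p == "wf:completedAt"}
    missing = sorted(o for (_, p, o) in cd.context
                     if p == "wf:requires" and o not in completed)
    if missing:
        # Without the context the PEP could only report Indeterminate; with it,
        # the PEP knows which step to wait for instead of failing the workflow.
        return Decision.INDETERMINATE, missing
    shared_state.add((step, "wf:completedAt", pep_id))
    return Decision.PERMIT, []


def run_workflow(requests: List[Tuple[str, str, str]]) -> List[Decision]:
    """Enforce a sequence of (role, step, pep_id) requests on fresh shared state."""
    state: Set[Triple] = set()
    return [pep_enforce(role, step, pep, state)[0] for role, step, pep in requests]


if __name__ == "__main__":
    # Out-of-order request first: the PEP learns it must wait for review_invoice.
    print(run_workflow([("manager", "approve_payment", "pepB"),
                        ("clerk", "review_invoice", "pepA"),
                        ("manager", "approve_payment", "pepB")]))
```

Run directly, the script prints `[Indeterminate, Permit, Permit]`: the first approval attempt cannot proceed, the review is enforced at `pepA`, and the retried approval at `pepB` is permitted once the shared state shows the prerequisite as completed.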
Keywords
- Resource Description Framework
- Decision Context
- Access Control Policy
- Business Process Execution Language
- Role Based Access Control
Copyright information
© 2008 IFIP International Federation for Information Processing
Cite this paper
Dhankhar, V., Kaushik, S., Wijesekera, D. (2008). Securing Workflows with XACML, RDF and BPEL. In: Atluri, V. (eds) Data and Applications Security XXII. DBSec 2008. Lecture Notes in Computer Science, vol 5094. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70567-3_25
DOI: https://doi.org/10.1007/978-3-540-70567-3_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-70566-6
Online ISBN: 978-3-540-70567-3
eBook Packages: Computer Science (R0)