Abstract
Growing numbers of users, together with many access policies that involve many different resource attributes, cause various problems in protecting resources in service-oriented environments. This paper analyzes the relationships between resource attributes and user attributes based on access policies for Web services, and proposes a general attribute based role-based access control (GARBAC) model. The model introduces the notions of single attribute expression, composite attribute expression, and composition permission; defines a set of elements and the relations among them; establishes a set of rules; and assigns roles to users by taking the users' attribute values as input. GARBAC is a general access control model: it can support more granular resource information and rich access control policies, and can be applied more widely to services. The paper also describes how to use the GARBAC model in Web services environments.
Additional information
Foundation item: Supported by the National Natural Science Foundation of China (60402019, 60772098 and 60672068)
Biography: ZHU Yiqun(1977–), female, Ph.D. candidate, research direction: trustworthy computing and network information security.
About this article
Cite this article
Zhu, Y., Li, J. & Zhang, Q. General attribute based RBAC model for web services. Wuhan Univ. J. Nat. Sci. 13, 81–86 (2008). https://doi.org/10.1007/s11859-008-0116-2
DOI: https://doi.org/10.1007/s11859-008-0116-2