Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content
Springer Nature Link
Log in

A Template-Based Policy Generation Interface for RESTful Web Services

  • Conference paper
On the Move to Meaningful Internet Systems: OTM 2014 Workshops (OTM 2014)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 8842))

  • 2002 Accesses

Abstract

Cloud computing solutions imply chances for economic advantages concerning investment, administration and maintenance costs. On the downside these advantages are paid with a loss of autonomy; the service providers often predetermine configuration and authorization functionalities. The increase of participating actors represents recent privacy, security and legal issues for service providers and users. The different interests of all involved stakeholders raise a need for distributed access control functionalities, which consider the various restrictions of the stakeholders. The presented work designs and realizes a web interface, service users can use to express fine-grained access control policies concerning their resources. The increase of RESTful online services is addressed by a template approach that serves as a basis for the policy interface. A particular focus is set on the eXtensible Access Control Markup Language (XACML), a standard for distributed access control. Following the XACML standard the web interface is realized within the XACML component model. Users’ requirements are retrieved via the web interface and translated into a complete XACML policy. The generated policies are tested for syntactic and semantic correctness as well as usability.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Fielding, R.T.: Architectural Styles and the Design of Network-based Software Architectures University of California. Irvine, USA (2000)

    Google Scholar 

  2. Axiomatics Language for Authorization (ALFA), https://www.axiomatics.com/solutions/products/authorization-for-applications/developer-tools-and-apis/192-axiomatics-language-for-authorization-alfa.html

  3. Kumaraguru, P., Lobo, J., Cranor, L.F., Calo, S.B.S.: A survey of privacy policy languages In: Workshop on Usable IT Security Management. In: Proceedings of the 3rd Symposium on Usable Privacy and Security, USM 2007, ACM (2007)

    Google Scholar 

  4. OASIS: eXtensible Access Control Markup Language (XACML) Version 3.0 (2013), http://www.oasis-open.org/committees/xacml

  5. W3C: The Enterprise Privacy Authorization Language, EPAL (2004), http://www.w3.org/2003/p3p-ws/pp/ibm3.html

  6. Anderson, A.: A Comparison of Two Privacy Policy Languages: EPAL and XACML. Sun Microsystems Inc. (2005)

    Google Scholar 

  7. Balana Engine, https://github.com/wso2/balana

  8. Vollbrecht, J., Calhoun, P., Farrell, S., Gommans, L., Gross, G., de Bruijn, B., de Laat, C., Holdrege, M., Spence, D.: AAA Authorization Framework IETF (2000)

    Google Scholar 

  9. Liu, A.X., Chen, F., Hwang, J., Xie, T.: XEngine: A Fast and Scalable XACML Policy Evaluation Engine (2008)

    Google Scholar 

  10. Open Geospatial Consortium: Geospatial eXtensible Access Control Markup Language (GeoXACML) Version 1, Corrigendum Open Geospatial Consortium (2011), http://www.opengeospatial.org/standards/geoxacml

  11. Open Geospatial Consortium: OpenGIS Geography Markup Language (GML) Encoding Standard (2007), http://www.opengeospatial.org/standards/gml

  12. Mazzoleni, P., Crispo, B., Sivasubramanian, S., Bertino, E.: XACML Policy Integration Algorithms ACM Trans. Inf. Syst. Secur. 11, 4:1-4:29 (2008)

    Google Scholar 

  13. Abi Haidar, D., Cuppens-Boulahia, N., Cuppens, F., Debar, H.: An Extended RBAC Profile of XACML. In: Proceedings of the 3rd ACM Workshop on Secure Web Services, pp. 13–22. ACM (2006)

    Google Scholar 

  14. Hu, V., Martin, E., Hwang, J., Xie, T.: Conformance Checking of Access Control Policies Specified in XACML. In: 31st Annual International Computer Software and Applications Conference, COMPSAC 2007, vol. 2, pp. 275–280 (2007)

    Google Scholar 

  15. Lorch, M., Kafura, D., Shah, S.: An XACML-based Policy Management and Authorization Service for Globus Resources. In: Proceedings of the 4th International Workshop on Grid Computing. IEEE Computer Society (2003)

    Google Scholar 

  16. Lorch, M., Proctor, S., Lepro, R., Kafura, D., Shah, S.: First Experiences Using XACML for Access Control in Distributed Systems. In: Proceedings of the 2003 ACM Workshop on XML Security, pp. 25–37. ACM (2003)

    Google Scholar 

  17. NoXACML, https://code.google.com/p/no-xacml/

  18. Organization for the Advancement of Structured Information Standards, OASIS, https://www.oasis-open.org/

  19. Open Geospatial Consortium, OGC, http://www.opengeospatial.org

  20. Rao, P., Lin, D., Bertino, E., Li, N., Lobo, J.: An Algebra for Fine-grained Integration of XACML Policies. In: Proceedings of the 14th ACM Symposium on Access Control Models and Technologies, pp. 63–72. ACM (2009)

    Google Scholar 

  21. PHP SDO XML Data Access Service, http://php.net/manual/en/sdo-das-xml.examples.php

  22. Seitz, L., Rissanen, E., Sandholm, T., Firozabadi, B.S., Mulmo, O.: Policy Administration Control and Delegation Using XACML and Delegent. In: Proceedings of the 6th IEEE/ACM International Workshop on Grid Computing, pp. 49–54. IEEE Computer Society (2005)

    Google Scholar 

  23. Sun’s XACML implementation, http://sourceforge.net/projects/sunxacml/

  24. Thatmann, D., Slawik, M., Zickau, S., Küpper, A.: Towards a federated cloud ecosystem: Enabling managed cloud service consumption. In: Vanmechelen, K., Altmann, J., Rana, O.F. (eds.) GECON 2012. LNCS, vol. 7714, pp. 223–233. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  25. Turkmen, F., Crispo, B.: Performance Evaluation of XACML PDP Implementations. In: Proceedings of the 2008 ACM Workshop on Secure Web Services, pp. 37–44. ACM (2008)

    Google Scholar 

  26. World Wide Web Consortium, W3C, http://www.w3.org/

  27. WSO2 Identity Server, http://wso2.com/products/identity-server/

  28. Xu, M., Wijesekera, D., Zhang, X., Cooray, D.: Towards Session-Aware RBAC Administration and Enforcement with XACML. In: IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2009, pp. 9–16 (2009)

    Google Scholar 

  29. Zhang, N., Ryan, M., Guelev, D.P.: Synthesising Verified Access Control Systems in XACML. In: Proceedings of the 2004 ACM Workshop on Formal Methods in Security Engineering, pp. 56–65. ACM (2004)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Service-centric Networking, Technische Universität Berlin, Berlin, Germany

    Philip Raschke & Sebastian Zickau

Authors
  1. Philip Raschke
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sebastian Zickau
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. TU Graz, Rechbauerstraße 12, 8010, Graz, Austria

    Robert Meersman

  2. CRAN, University of Lorraine, Campus Sciences, BP 70239, 54506, Vandoevre-les-Nancy, France

    Hervé Panetto

  3. Department of Software Engineering, Atilim Univeristy, Kızılcaşar Mh Mh, 06830, Ankara, Turkey

    Alok Mishra

  4. Facultad de Informática, Universidad de Murcia, Campus de Espinardo, 30100, Murcia, Spain

    Rafael Valencia-García

  5. Dep. of Informatics Engineering, University of Porto, Rua Dr. Roberto Frias, 4200-465, Porto, Portugal

    António Lucas Soares

  6. SIGMA / LIG, Joseph Fourier University, 220 Rue de la Chimie, BP 53, 38041, Grenoble Cedex 9, France

    Ioana Ciuciu

  7. Institute for Research on Population and Social, National Research Council, Policies, Via Palestro 32, 00185, Rome, Italy

    Fernando Ferri

  8. Dep. Business Informatics, Communications Engineering, Johannes Kepler University, Freistaedterstrasse 315, 4040, Linz, Austria

    Georg Weichhart

  9. STINA Business Solutions GmbH, Schottenfeldgasse 63/2, 1070, Wien, Austria

    Thomas Moser

  10. SAP Research, 805 avenue du Dr Donat, 06259, Sophia-Antipolis, Mougins, France

    Michele Bezzi

  11. Department of Computing, Hong Kong Polytechnic University, PQ806, Mong Man Wai Building, Hong Kong,, China

    Henry Chan

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Raschke, P., Zickau, S. (2014). A Template-Based Policy Generation Interface for RESTful Web Services. In: Meersman, R., et al. On the Move to Meaningful Internet Systems: OTM 2014 Workshops. OTM 2014. Lecture Notes in Computer Science, vol 8842. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-45550-0_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-662-45550-0_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-45549-4

  • Online ISBN: 978-3-662-45550-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation