Abstract
Service-oriented architectures implemented with web services technologies provide standardized protocols for communicating and sharing information across organizational boundaries. Access control for shared services becomes an essential requirement for a secure federation of services. Identity federation provides part of the answer by allowing users to authenticate once in one organization and to access the services of others with that organization's authorization information or attributes. However, in a federation, the organizations may have different access control models and authorization attributes with different or even incompatible semantics. Interoperability between the access control models therefore becomes crucial to the federation of services. Existing federated access control solutions are based on single sign-on with common authorization attributes or on identity mapping, which is not scalable in a service-oriented environment. In this paper, we propose a cross-organizational access control method for the federation of services protected by heterogeneous access control models. Our method is based on a new federation architecture that responds to the heterogeneity of authorization attributes via independent attributes introduced at the federation level.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Bah, A., André, P., Attiogbé, C., Konate, J. (2020). Federation of Services from Autonomous Domains with Heterogeneous Access Control Models. In: Venter, H., Loock, M., Coetzee, M., Eloff, M., Eloff, J. (eds) Information and Cyber Security. ISSA 2019. Communications in Computer and Information Science, vol 1166. Springer, Cham. https://doi.org/10.1007/978-3-030-43276-8_7
DOI: https://doi.org/10.1007/978-3-030-43276-8_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-43275-1
Online ISBN: 978-3-030-43276-8
eBook Packages: Computer Science (R0)