Research of Access Control Policy Based on Context and Role for Web Service

摘要

The interacting entities in web service usually can’t be predetermined and may be in different security domains. To address the access authorization for unknown users across domain borders, access control of web service should be performed based on the domain-independent access control information but not the identities. In this paper, a context and role based access control policy model is proposed that can be appropriate for web service environment. The model is centered around the contexts to define and perform access control policies. It first bases the context of users to execute dynamic roles assignment, and then uses the contexts of environment and resource to constrain the authorization decision. We use Description Logic language to formalize the policy model. A series of access control policy axioms are defined and the Access Control Policy Knowledge Base is proposed that has the capacity of reasoning about the policies. Finally, the enforcement effect of access control policy is verified in Racer reasoning system, and the experiment result shows the feasibility and validity of the presented method.