Role-Based Access Control for Web Services

摘要

According to the advantage of platform independent, loose coupling and opening, Web Services technologies provide a programming model that can accelerate application integration cross-enterprise. The challenge of securely controlling access to Web Services become a hot topic. Large-scale interconnection of systems and services, decentralized administration, and rapidly changing service compositions require a flexible access control model. In this paper, we focus on access control of Web Services based on its security requirements. An abstract Web Services model and an extended role-based access control model for Web Services (RBAC_WS) are proposed. A prototype application is developed to demonstrate the practical feasibility of this technology.