By Topic

A Web Service Architecture for Decentralised Identity- and Attribute-Based Access Control

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

5 Author(s)
Hebig, R.N. ; IT-Syst. Eng., Hasso-Plattner-Inst., Potsdam, Germany ; Meinel, C. ; Menzel, M. ; Thomas, I.
more authors

The loosely coupled nature of service-oriented architectures raises the question how information for access control can be managed in an efficient way. Several specifications for Web services exist to describe security requirements and to facilitate a provision of identity information. However, the integration of different standards regarding the expression of identity information in policies, claims and assertions comes along with an increased complexity. In order to identify and address the problems occurring with the combined use of standards as XACML, SAML and WS-Trust, we designed and implemented an architecture for identity- and attribute-based access control in decentralized environments. Our implementation provides an automated generation of access control policies in a format called XACML, a way to communicate required user attributes as claims across different domains based on the standards WS-Trust and WS-Policy, and a consistent mapping of retrieved attribute assertions to the XACML attributes in the access control policy.

Published in:

Web Services, 2009. ICWS 2009. IEEE International Conference on

Date of Conference:

6-10 July 2009