Skip to Main Content
Based on the analysis of the access control requirements for services, this paper presents an attribute and role based access control model for services. We have described these components in detail and outlined their interactions. The proposed model introduces the notions of business role and service role, defines an automatically produces service role method based on attribute conditions to assign users to service roles, unifies the access control for web services and data resources involved. Finally, we give an access control algorithm for services. This model can provide fine-grained, supporting composite service access control and Mechanism-independent access control policy.