A context-aware role-based access control model for Web services

Abstract

A key challenge in Web services security is the design of effective access control schemes that can adequately meet the unique security challenges posed by the Web services paradigm. Despite the recent advances in Web based access control approaches applicable to Web services, there remain issues that impede the development of effective access control models for Web services environment. Amongst them are the lacks of context-aware models for access control, and do not deal with composite Web service. In this paper, we present a context-aware role-based access control model (CGRBAC) to addresses these issues. The proposed approach introduces global roles which are used in the mapping to local roles of other services providers. We outline the configuration mechanism needed to apply our model to the Web services environment