Skip to main content
SpringerLink
Log in

Using Semantic Web Techniques to Implement Access Control for Web Service

  • Conference paper
Information Computing and Applications (ICICA 2010)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 105))

Included in the following conference series:

Abstract

Access control is a challenging problem for web service due to its open and distributed nature, which has not been addressed properly at present. In this paper, we show how semantic web technologies can be used to build a flexible access control system for web service. Role-based Access Control model is followed and extended with credentials. The access control model is represented by an OWL-DL ontology, and specific semantic rules are constructed to implement such as dynamic roles assignment, separation of duty constraints and roles hierarchy reasoning, etc. These semantic rules can be verified and executed automatically by the reasoning engine, which can simplify the definition and enhance the interoperability of the access control policies. A prototype implementation is also provided to validate the proposal.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Singhal, A., Winograd, T., Scarfone, K.: Guide to Secure Web Service. NIST Special Publication 800-95 (2007)

    Google Scholar 

  2. Coetzee, M., Eloff, J.: Towards Web Service Access Control. Computers & Security 23, 559–570 (2004)

    Article  Google Scholar 

  3. Bartoletti, M., Degano, P., Ferrari, G., Zunino, R.: Semantics-Based Design for Secure Web Services. IEEE Transactions on Software Engineering 34(1), 33–49 (2008)

    Article  Google Scholar 

  4. David, F., Ravi, S., Serban, G.: Proposed NIST Standard for Role-Based Access Control. ACM Transactions on Information and System Security 4(3), 224–274 (2001)

    Article  Google Scholar 

  5. Lorenzo, C., Isabel, F.C., Roberto, T.: A Role and Attribute Based Access Control System Using Semantic Web Technologies. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM-WS 2007, Part II. LNCS, vol. 4806, pp. 1256–1266. Springer, Heidelberg (2007)

    Google Scholar 

  6. Eric, Y., Jin, T.: Attributed based access control for Web services. In: IEEE International Conference on Web Services, pp. 561–569 (2005)

    Google Scholar 

  7. Priebe, T., Dobmeier, W., Kamprath, N.: Supporting Attribute-based Access Control in Authorization and Authentication Infrastructures with Ontologies. Journal of Software 2(1), 27–38 (2007)

    Article  Google Scholar 

  8. Bhatti, R., Bertino, E., Ghafoor, A., Joshi, J.: XML-based Specification for Web Services Document Security. IEEE Computer 37(4), 41–49 (2004)

    Article  Google Scholar 

  9. Wu, M., Chen, J.X., Ding, Y.S.: Role-Based Access Control for Web Services. WSEAS Transactions on Information Science and Applications 3(8), 1553–1558 (2006)

    Google Scholar 

  10. W3C: OWL Web Ontology Language Reference (2004), http://www.w3.org/TR/2004/REC-owl-ref-20040210/

  11. W3C: SWRL: A Semantic Web Rule Language Combining OWL and RuleML (2004), http://www.w3.org/Submission/SWRL/

  12. Finin, T., Joshi, A., Kagal, L., et al.: ROWLBAC: Representing Role Based Access Control in OWL. In: 13th ACM Symposium on Access Control Models and Technologies, Colorado, USA, pp. 73–82 (2008)

    Google Scholar 

  13. Knechtel, M., Hladik, J.: RBAC Authorization Decision with DL Reasoning. In: IADIS International Conference WWW/Internet, pp. 169–176 (2008)

    Google Scholar 

  14. Toninelli, A., Montanari, R., Kagal, L., Lassila, O.: A semantic context-aware access control framework for secure collaborations in pervasive computing environments. In: Cruz, I., Decker, S., Allemang, D., Preist, C., Schwabe, D., Mika, P., Uschold, M., Aroyo, L.M. (eds.) ISWC 2006. LNCS, vol. 4273, pp. 473–486. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  15. Zhao, C., Heilili, N., Liu, S.: Representation and Reasoning on RBAC: A Description Logic Approach. In: Van Hung, D., Wirsing, M. (eds.) ICTAC 2005. LNCS, vol. 3722, pp. 381–393. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  16. Chae, J.H., Shiri, N.: Formalization of RBAC policy with object class hierarchy. In: Dawson, E., Wong, D.S. (eds.) ISPEC 2007. LNCS, vol. 4464, pp. 162–176. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  17. Wu, D., Lin, J.: Using Semantic Web Technologies to Specify Constraints of RBAC. In: 6th International Conference on Parallel and Distributed Computing, Applications and Technologies, pp. 543–545 (2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institute of Command Automation, PLAUST, Nanjing, China

    Zhengqiu He, Kangyu Huang, Lifa Wu, Huabo Li & Haiguang Lai

Authors
  1. Zhengqiu He
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kangyu Huang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Lifa Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Huabo Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Haiguang Lai
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. College of Computer Science, South-Central University for Nationalities, 708 Minyuan Road, 430074, Wuhan, China

    Rongbo Zhu

  2. Victoria University, 8001, Melbourne, VIC, Australia

    Yanchun Zhang

  3. College of sciences, He’Bei polytechnic University, 063000, Tangshan, Hebei, China

    Baoxiang Liu  & Chunfeng Liu  & 

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

He, Z., Huang, K., Wu, L., Li, H., Lai, H. (2010). Using Semantic Web Techniques to Implement Access Control for Web Service. In: Zhu, R., Zhang, Y., Liu, B., Liu, C. (eds) Information Computing and Applications. ICICA 2010. Communications in Computer and Information Science, vol 105. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16336-4_34

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-16336-4_34

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-16335-7

  • Online ISBN: 978-3-642-16336-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation