Un Servicio Web de Polícitas de Acceso Basadas en Roles para Hipermedia (A Web Service for Hypermedia Role-Based Access Policies)

Daniel Sanz (dsanz@inf.uc3m.es), Ignacio Aedo (aedo@ia.uc3m.es), Paloma Díaz (pdp@inf.uc3m.es)

Grupo DEI, Departamento de Informática, Universidad Carlos III de Madrid.
This paper appears in: Revista IEEE América Latina

Publication Date: April 2006
Volume: 4,   Issue: 2 
ISSN: 1548-0992

High level security is a key requirement in hypermedia/web applications. The systems opening to the Internet makes the research effort to move towards protecting the information transmission (i.e. SOAP messages, policy descriptions,…), but little attention is paid to what the user can do with the system. Role-based access control (RBAC) allows to formulate the organization's resource access policy in a simple, natural way, so a role-based access model for hypermedia will make it easier to integrate the security design with the rest of the system design. In service oriented architectures, an access policy service would allow to gather the management and deployment of the security policy in distributed and heterogeneous environments. This paper describes a role-based access control model for hypermedia called MARAH, and its implementation as a web service. An use case of the model in the design of the ARCE application is also discussed.

Index Terms:
Access control, hypermedia systems, web services   

Documents that cite this document
This function is not implemented yet.

[PDF Full-Text (1301)]