AeG security infrastructure for web service access control

In this video demonstration, Access-eGov's security architecture for attribute-based access control to web services is presented. The architecture implementation is based on OASIS' XACML standard and consists of various access control points that can loosely be distributed across a network, themselves being web services.

Access-eGov's Personal Assistant Client (PAC) is envisioned to act as Access Requester for our access control infrastructure.

Due to a lack of SOAP-based web services at user partner premises, an example service has been used to illustrate access control: The „LoveBoatKiel" web service offers a sailing ship as marriage location and shall only be booked by persons at legal

age. The reservation service is the resource that is to be protected by our access control infrastructure against fraudulent use.

One major achievement is the fact that access control is now a simple add-on to existing web services, realised via a pre-staged handler chain, thus applying a loose coupling approach between security components and the actual web service

resource. In addition, the architectural components can be integrated using standard AeG semantic annotations.

The herein presented attribute-based access control system for protecting web service resources was implemented and tested in early 2009.

Category:

Science & Technology

Tags:

• Access-eGov
• AeG
• security
• ABAC
• XACML
• OASIS
• EU project
• FP6
• 2009
• PIP
• PDP
• PAP
• PEP
• web services
• electronic government
• LoveBoatKiel
• University of Regensburg

License:

Standard YouTube License