Talks and Poster Presentations (with Proceedings-Entry):
W. Hummer, P. Gaubatz, M. Strembeck, U. Zdun, S. Dustdar:
"An Integrated Approach for Identity and Access Management in a SOA Context";
Talk: 16th ACM Symposium on Access Control Models and Technologies (SACMAT 2011),
- 2011-06-17; in: "Proceedings of the 16th ACM Symposium on Access Control Models and Technologies (SACMAT 2011)",
In this paper, we present an approach for identity and access management
(IAM) in the context of (cross-organizational) service-oriented
architectures (SOA). In particular, we defined a domain-specific
language (DSL) for role-based access control (RBAC) that
allows for the definition of IAM policies for SOAs. For the application
in a SOA context, our DSL environment automatically produces
WS-BPEL (Business Process Execution Language for Web
services) specifications from the RBAC models defined in our DSL.
We use the WS-BPEL extension mechanism to annotate parts of
the process definition with directives concerning the IAM policies.
At deployment time, the WS-BPEL process is instrumented with
special activities which are executed at runtime to ensure its compliance
to the IAM policies. The algorithm that produces extended
WS-BPEL specifications from DSL models is described in detail.
Thereby, policies defined via our DSL are automatically mapped to
the implementation level of a SOA-based business process. This
way, the DSL decouples domain experts' concerns from the technical
details of IAM policy specification and enforcement. Our approach
thus enables (non-technical) domain experts, such as physicians
or hospital clerks, to participate in defining and maintaining
IAM policies in a SOA context. Based on a prototype implementation
we also discuss several performance aspects of our approach.
Identity and Access Management, SAML, SOAP, WS-BPEL, WS-Security
Created from the Publication Database of the Vienna University of Technology.