

Talks and Poster Presentations (with Proceedings-Entry):

W. Hummer, P. Gaubatz, M. Strembeck, U. Zdun, S. Dustdar:
"An Integrated Approach for Identity and Access Management in a SOA Context";
Talk: 16th ACM Symposium on Access Control Models and Technologies (SACMAT 2011), Innsbruck, Austria; 2011-06-15 - 2011-06-17; in: "Proceedings of the 16th ACM Symposium on Access Control Models and Technologies (SACMAT 2011)", ACM, (2011), ISBN: 978-1-4503-0721-5; 21 - 30.



English abstract:
In this paper, we present an approach for identity and access management
(IAM) in the context of (cross-organizational) service-oriented
architectures (SOA). In particular, we defined a domain-specific
language (DSL) for role-based access control (RBAC) that
allows for the definition of IAM policies for SOAs. For the application
in a SOA context, our DSL environment automatically produces
WS-BPEL (Business Process Execution Language for Web
services) specifications from the RBAC models defined in our DSL.
We use the WS-BPEL extension mechanism to annotate parts of
the process definition with directives concerning the IAM policies.
At deployment time, the WS-BPEL process is instrumented with
special activities which are executed at runtime to ensure its compliance
to the IAM policies. The algorithm that produces extended
WS-BPEL specifications from DSL models is described in detail.
Thereby, policies defined via our DSL are automatically mapped to
the implementation level of a SOA-based business process. This
way, the DSL decouples domain experts' concerns from the technical
details of IAM policy specification and enforcement. Our approach
thus enables (non-technical) domain experts, such as physicians
or hospital clerks, to participate in defining and maintaining
IAM policies in a SOA context. Based on a prototype implementation
we also discuss several performance aspects of our approach.

Keywords:
Identity and Access Management, SAML, SOAP, WS-BPEL, WS-Security


"Official" electronic version of the publication (accessed through its Digital Object Identifier - DOI)
http://dx.doi.org/10.1145/1998441.1998446


Created from the Publication Database of the Vienna University of Technology.