The Research of Access Process in Web Services Based on XACML

Abstract

Access control is one of the key technologies used in Web services, which can make sure the security of web services. The traditional access control models such as mandatory access control couldn't make the access control flexible and enable due to their design limitations, and then the access process of authorization in web services becomes fuzzy. Usage control model (UCON) is proposed to strengthen the expression of access control model, but UCON is an only conceptual model. How to use it in access process still have much work to do, In order to solve the problem, the paper proposes the usage control model in web services, and proposes the process of access control for the requesters and services in web services based on XACML. Finally, a small example is given to verify the availability of the access control model and access process.