Databases Reference
In-Depth Information
Lodderstedt et al. [14] not only propose a methodology for modeling
security policies, they also created an EJB generator which allows software
developers to generate EJB applications with fully configured role-based
access control, including role definitions, method permissions, role
assignments, and authorization constraints, without specifying the policies
by hand. The software developers are therefore able to implement the
role-based access control enforcement mechanisms automatically, without
complicated EJB coding.
Differing from the approach of Lodderstedt et al. [14], Satoh et al. [17]
propose a framework to create security policies in WS-Policy. The framework
enables users who are not security experts to configure authentication
policies easily in a platform-independent manner on the basis of the
application semantics. The key point is that an abstract security qualifier,
Authentication, is defined to specify an identity that should be
authenticated, and then the security qualifier is transformed to a
platform-specific security policy using security policy templates. In this
approach, the concrete security policies are created using the security
policy template for authentication shown in Figure 11, where the parameters
are represented using brackets like {DOMAIN NAME}. For example, MileageNo,
the real domain name, replaces {DOMAIN NAME} in policy transformation. As a
result, the software developers can specify the security policies without
detailed knowledge of WS-Policy.
<wsp:Policy xmlns:sp="http://...">
  <Authentication>
    <CallerToken>
      <securityDomain domainName="{DOMAIN NAME}"/>
      {CALLER TOKEN ASSERTION}
      <TrustToken method="{TRUSTMETHOD TYPE}">
        <securityDomain domainName="{DOMAIN NAME}"/>
        {{TRUST TOKEN ASSERTION}}
      </TrustToken>
    </CallerToken>
  </Authentication>
</wsp:Policy>
Fig. 11. Security Policy Template
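The policy transformation step described above can be sketched as follows. This is an added example, not code from Satoh et al. or from the chapter: the namespace URIs (elided in Fig. 11), the function name instantiate, the trust method value and the two token assertions are constructed assumptions. It fills the Fig. 11 placeholders, escapes values that land inside attributes, and refuses missing parameters or malformed assertion fragments.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Template of Fig. 11. The page elides the namespace URI, so placeholder
# URNs are declared here (assumption) to make the result parseable.
TEMPLATE = """<wsp:Policy xmlns:wsp="urn:example:wsp" xmlns:sp="urn:example:sp">
  <Authentication>
    <CallerToken>
      <securityDomain domainName="{DOMAIN NAME}"/>
      {CALLER TOKEN ASSERTION}
      <TrustToken method="{TRUSTMETHOD TYPE}">
        <securityDomain domainName="{DOMAIN NAME}"/>
        {{TRUST TOKEN ASSERTION}}
      </TrustToken>
    </CallerToken>
  </Authentication>
</wsp:Policy>"""

# Matches {NAME} and {{NAME}}; group 1 is set when the placeholder opens
# an attribute value, which decides how the parameter is encoded.
PLACEHOLDER = re.compile(r'(=")?\{\{?\s*([A-Z ]+?)\s*\}\}?')

def instantiate(template, params):
    """Return the concrete policy; raise on missing or malformed parameters."""
    def fill(match):
        in_attribute, name = match.group(1), match.group(2)
        if name not in params:
            raise KeyError(f"no value for placeholder {name!r}")
        value = params[name]
        if in_attribute:
            # Attribute context: the value is data and must not close the quote.
            return '="' + escape(value, {'"': "&quot;"})
        ET.fromstring(value)  # element context: exactly one well-formed fragment
        return value
    policy = PLACEHOLDER.sub(fill, template)
    ET.fromstring(policy)  # the generated policy must itself be well-formed
    return policy

# Constructed sample parameters; only MileageNo comes from the page.
PARAMS = {
    "DOMAIN NAME": "MileageNo",
    "TRUSTMETHOD TYPE": "BasicAuth",
    "CALLER TOKEN ASSERTION": "<UsernameToken/>",
    "TRUST TOKEN ASSERTION": "<X509Token/>",
}

if __name__ == "__main__":
    print(instantiate(TEMPLATE, PARAMS))
```

Plain string replacement would let a parameter value containing a quote or angle bracket alter the structure of the generated policy; encoding per context keeps parameters as data.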
6 Conclusions
In this chapter, we have discussed the main features of two security policy
languages and one policy framework. XACL and XACML are expressive and
powerful in specifying access control policies for the XML data, while WS-
Policy framework focuses more on security-related functional operation of the
services. Also, we addressed the policy modeling and generation tools that
have been developed to help users in capturing the security requirements
during the design, and to develop the security policies and functions during
 