A policy tree-based architecture for web services authorization

Web service has emerged as a fundamental technique for developing Web application due to its highly dynamic and cross-domain characteristics, but which still pose new challenges and difficulties for web services authorization. However, the system-centric view (static control environment) of protecting services and resources taken by traditional access control models is not suitable for web service environment. As is presented in this paper, one finding of our study is a Policy Tree based architecture for web services authorization termed PTBA4WSA. It is established on a staged attribute based access control framework. The paper proposes a Policy Tree model to describe subjects, resources as well as environment attributes, and it also presents a loading classification based policy evaluation algorithm. Both of which cannot only provide high-efficient and _ne-grained access control for web services, but also can support access control policy release mechanism. With PTBA4WSA, we design and implement a service authorization processing system which exhibits high efficiency and availability as is shown by the performance evaluation results.