Semantically Enriching Access Control Rules for Web Services - PowerPoint PPT Presentation

About This Presentation

Title:

Semantically Enriching Access Control Rules for Web Services

Description:

ISWDS 2005, Galway, Ireland. Brian Shields. 2. Overview ... ISWDS 2005, Galway, Ireland. Brian Shields. 5. Methodology. Research part of the iWise project ... – PowerPoint PPT presentation

Number of Views:86

Avg rating:3.0/5.0

Slides: 15

Provided by: Bri8345

Category:

more less

Transcript and Presenter's Notes

Title: Semantically Enriching Access Control Rules for Web Services

1
Semantically Enriching Access Control Rules for
Web Services

Brian Shields
PhD Candidate,
Department of Information Technology,
National University of Ireland, Galway

2
Overview

Using Semantic Web rules to enforce access
control in a Web Services security framework
Semantic Web Rule Language (SWRL)
OWL-DL fact base
Existing reasoning engine used
W3C and OASIS standards and recommendations
XML Signature
XML Encryption
XML Key Management Specification (XKMS)
WS-Security
Evaluated using Health Informatics industry
Health Level 7

3
Description of Purpose

Growth
Information available over the Web
Ways to access it
Popularity of Web Services
Concern for security, particularly authorisation
Current access control models
Access control lists (ACLs)
Role Based Access Control
Access definition
Rules?
Benefits of Semantic Web rules
Added support for complex relationships between
properties
uncle(?x, ?y)

4
Goal Statement

Build a Web Service security framework
Web Service access control rules written in SWRL
Encorporate SWRL rules and a SWRL and OWL
reasoner into a Web Service security framework
Build a OWL-DL ontology of the Health Level 7
Reference Information Model (HL7 RIM)
Will it work for the health informatics industry?
Addresses the issue of data protection
Particularly within the Web Service space
Novel approach to access control
A solution to authorisation within the health
industry

5
Methodology

Research part of the iWise project
Statistical Processes Monitoring, event
emulation, legacy system integration
Security framework
Message Security
Access control
Technologies
XML Signature
XML Encryption
XML Key Management Specification (XKMS)
WS-Security
Web Ontology Language (OWL)
Semantic Web Rule Language (SWRL)

6
iWISE Security Architecture

SOAP Message Interceptor
Apache Axis Filters
Authentication
Signature Validation
Encryption/Decryption engine
Apache WSS4J
Key Management
Access Control at two levels
Initial access control to verify requested
endpoints and schema validation
Fine grained, semantically aware access control
model
Management Console

7
iWISE Security Architecture
8
iWISE Access Control

Level One
Verify that Web Service exists
Validate all documents against schemas
Level Two
Request made to the Policy Decision Point for
authorisation
Three types of response
Authorisation failed
Authorisation limited
Authorisation granted
Policy Decision Point response result of Semantic
reasoning of ontology and rules
doctor(?x1) ? patient(?x2) ? isTreatingPhysican(?x
1,x2) ? hasReadRecordAccess(?x1,?x2)

9
SWRL Rule
ltrulemlimpgt ltruleml_rlab rulemlhrefrea
dRecordAccess/gt ltruleml_bodygt
ltswrlxclassAtomgt ltowlxClass
owlxnameDoctor/gt ltrulemlvargtx1lt/rulemlvar
gt lt/swrlxclassAtomgt ltswrlxclassAtomgt
ltowlxClass owlxnamePatient/gt
ltrulemlvargtx2lt/rulemlvargt lt/swrlxclassAtomgt
ltswrlxindividualPropertyAtom
swrlxpropertyisTreatingPhysicangt
ltrulemlvargtx1lt/rulemlvargt ltrulemlvargtx2lt/rul
emlvargt lt/swrlxindividualPropertyAtomgt
lt/ruleml_bodygt ltruleml_headgt
ltswrlxindividualPropertyAtom swrlxproperty
hasReadRecordAccessgt ltrulemlvargtx1lt/rulemlv
argt ltrulemlvargtx2lt/rulemlvargt
lt/swrlxindividualPropertyAtomgt
lt/ruleml_headgt ltrulemlimpgt
10
Rule Reasoning