A template-based policy generation interface for RESTful web services

Abstract

Cloud computing solutions imply chances for economic advantages concerning investment, administration and maintenance costs. On the downside these advantages are paid with a loss of autonomy; the service providers often predetermine configuration and authorization functionalities. The increase of participating actors represents recent privacy, security and legal issues for service providers and users. The different interests of all involved stakeholders raise a need for distributed access control functionalities, which consider the various restrictions of the stakeholders. The presented work designs and realizes a web interface, service users can use to express fine-grained access control policies concerning their resources. The increase of RESTful online services is addressed by a template approach that serves as a basis for the policy interface. A particular focus is set on the eXtensible Access Control Markup Language (XACML), a standard for distributed access control. Following the XACML standard the web interface is realized within the XACML component model. Users’ requirements are retrieved via the web interface and translated into a complete XACML policy. The generated policies are tested for syntactic and semantic correctness as well as usability.