Securing workflows with XACML, RDF and BPEL

Abstract

The XACML is the access controller of the World Wide Web (WWW). The current reference implementation has a single policy decision point and a policy enforcement point. If XACML policies are used to control workflow among cooperating web services, such as those envisioned in more contemporary languages like (BPEL), it requires coordination to be policy compliant. We propose the necessary enhancements required to do so by passing contextual information that are needed for the requester to evaluate an access control decision as opposed to the standard four decision values of permit, deny, indeterminate to make a decision and an unforeseeable error occurred during evaluation. Proposed contextual information is sufficient to coordinate and if necessary synchronize among coordinating policy enforcement points distributed among the WWW. We show how the contextual information can be constructed and verified using the Resource Description Framework (RDF) and the coordination implemented using BPEL. © 2008 Springer-Verlag Berlin Heidelberg.