Semantics-Based Access Control Approach for Web Service

Due to the open and distributed characteristics of web service, its access control becomes a challenging problem which has not been addressed properly. In this paper, the authors show how semantic web technologies can be used to build a flexible access control system for web service. They follow the Role-based Access Control model and extend it with credential attributes. The access control model is represented by a semantic ontology, and specific semantic rules are constructed to implement such as dynamic roles assignment, separation of duty constraints and roles hierarchy reasoning, etc. These semantic rules can be verified and executed automatically by the reasoning engine, which can simplify the definition and enhance the interoperability of the access control policies.