A Role-Based Authorization Model for Service-Oriented Architecture
Service-Oriented Architecture (SOA) is widely recognized as an especially effective solution for integrating loosely coupled and distributed resources. One of the major challenges in developing SOA-based applications is the management of authorization requirements in distributed environments. This paper proposes a formal authorization model, based on a role-based access control model, to demonstrate an approach for authorizing service requesters to access a particular service and information under specific permissions in an SOA. The proposed model defines the authorization relationships and constraints among users (service requesters), roles, permissions, and services according to first-order logic and set theory.