Open Access  Subscription or Fee Access

Web services represent a challenge and an opportunity for organizations wishing to expose product and services offering through Internet. However, any organization using XML and Web Services must ensure that only the users who have right, can sent their appropriate XML content and can access the services. The eXtensible Access Control Markup Language (XACML) has established itself as a solution for controlling access in an interoperable and flexible way. But XACML still suffers from some limitations which impact its ability to support the actual requirements of web services. This paper is an effort to implement the five important features that an access control system should possess as per the XACML standard and implementing these features to an institution management system through J2EE platform. By doing so, we assure an efficient access control framework for today’s open web service applications.

Access Control, Audit, J2EE, Web Services, XACML.

R.Saravanan, A.Sindhuja, M.Kaushik, P.Magesh, “An XACML based Access Control Framework with Audit Management for Web Services”, International Conference on Computing and Control Engineering (ICCCE 2012), Dr.M.G.R University of Educational and Research Institute, Chennai, ISBN 978-1-4675-2248-9 © 2012

M.Kaushik, P.Magesh, K.Nithiyanandan, “Extended XACML Access Control Framework with Audit Management for Open Web Services”, National Conference on Web Technologies and Open Source (WEBTOPS’12), Jaya Engineering College, Chennai.

Claudio A. Ardagna, Sabrina De Capitani di Vimercati, Eros Pedrini, Pierangela Samarati,”Expressive and Deployable access control in Open Web Service applications”, IEEE TRANSACTIONS ON SERVICES COMPUTING, VOL. 4, NO. 2, APRIL-JUNE 2011.

Claudio A. Ardagna, Sabrina De Capitani di Vimercati, Eros Pedrini, Pierangela Samarati , Stefano Paraboschi,”An XACML Based Privacy Centered Access Control system”, ACM WISG’09. [5] Jan Camenisch, Sebastian Mődersheim, Gregory Neven, Franz-Stefan Preiss, and Dieter Sommer, “Credential-Based Access Control Extensions to XACML” , w3.org, 2009 [6] Sudhir agarwal, Barbara Sprick, Sandra Wortmann, “Credential Based Access Control for Semantic Web Services”, American Association for Artificial Intelligence, 2004.

Claudio A. Ardagna, Sabrina De Capitani di Vimercati, Stefano Paraboschi, Gregory Neven, “Enabling Privacy Preserving Credential Based Access control with XACML and SAML”, IEEE Internatonal conference on computer and information technology, July 2010

Christophe Incoul, Benjamin Gateau, Jocelyn Aubert, Nicolas Bounoughaz, Christophe Feltus, “SIM : an agent-based audit solution of access right deployment through open network”, IEEE Third International Conference on Risks and Security of Internet and Systems: CRiSIS’2008 [9] Sudhir agarwal, Barbara Sprick , “Specification of Access control and Certification policies for Semantic Web Services” E-commerce and Web Technologies, Proceedings Springer , Aug’2008.

Claudio A. Ardagna, Sabrina De Capitani di Vimercati, Eros Pedrini, Pierangela Samarati, “A Web Service Architecture for Enforcing Access Control policies”, Electronic Notes in Theoretical Computer Science journal, ACM Volume 142, January 2006.

J.G.R.Sathiaseelan, S.Albert Rabara , J.Ronald Martin, “Multi-Level Secure Framework (MLSF) for Composite Web Services” ,ACM , ICIS 2009.

J.G.R.Sathiaseelan, S.Albert Rabara,J.Ronald Martin, “Multi-Level Secure Architecture for Distributed Integrated Web Services”, IEEE 3rd international Conference on Computer Science and information Technology, 2010.