RICH PRESENCE AUTHORIZATION USING SECURE WEB SERVICES

Li Li, Wu Chou

Abstract

This paper presents an extended Role-Based Access Control (RBAC) model for rich presence authorization using secure web services. Following the information symmetry principle, the standard RBAC model is, extended to support data integrity, flexible and intuitive authorization specification, efficient authorization process and cascaded authority within web services architecture. In conjunction with the extended RBAC model, we introduce an extensible presence architecture prototype using WS-Security and WS-Eventing to secure rich presence information exchanges based on PKI certificates. Applications and performance measurements of our presence system are presented to show that the proposed RBAC framework for presence and collaboration is well suited for real-time communication and collaboration.

References

  1. Beltran, V. and Paradells, J.: Middleware-Based Solution to Offer Mobile Presence Services. In: Mobileware'08, February, 2008 (2008)
  2. Chen, L. and Crampton, J.: On Spatio-Temporal Constraints and Inheritance in Role-Based Access Control. In: ASIACCS'08, March, 2008, pages 205- 216 (2008)
  3. Chou, W., Li, L., and Liu, F.: Web Services Methods for Communication over IP, ICWS 2007, pages 372-379, Salt Lake City, July 2007 (2007)
  4. Chou, W. and Li, L.: WIPdroid - a two-way web services and real-time communication enabled mobile computing platform for distributed services computing, Proceedings of International Conference on Services Computing 2008, July 2008, Vol. 2, pages 205-212, July 2008
  5. Day, M., Rosenberg, J., and H. Sugano, "A Model for Presence and Instant Messaging", RFC 2778, February 2000 (2000)
  6. gSOAP. In: http://gsoap2.sourceforge.net/
  7. Godefroid, P., Herbsleb, J.D. Jagadeesan, L.J., and Li, D.: Ensuring Privacy in Presence Awareness Systems: An Automated Verification Approach. In: Proceedings of the 2000 ACM conference on Computer supported cooperative work, pages: 59-68, 2000 (2000)
  8. Hong, J.I., Ng, J.D., Ledere, S., and Landay J.A.: Privacy Risk odels for Designing Privacy-Sensitive Ubiquitous Computing Systems. In: DIS2004, August 1-4, 2004, pages 91-100 (2004)
  9. Jorns, O.: Privacy Enhancing Architectures Overview. In: Intensive Program on Information and Communication Security: Secure Embedded Systems (IPICS'04), November 25, 2004 (2004)
  10. Langheinrich M.: Privacy by Design - Principles of Privacy-Aware Ubiquitous Systems. In: Proceedings of the 3rd international conference on Ubiquitous Computing, pages: 273-291, (2001)
  11. Lederer, S., Hong, J.I., Dey, A.K., and Landay J.A.: Personal privacy through understanding and action: five pitfalls for designers. In: Personal and Ubiquitous Computing, Volume 8, Issue 6, pages: 440-454 (November 2004)
  12. Ni, Q. and Trombetta, A.: Privacy-aware Role Based Access Control. In: SACMAT'07, June, 2007, pages 41-50 (2007)
  13. Ni, Q. et al.: Conditional Privacy-Aware Role Based Access Control, Computer Security ESORICS 2007, Lecture Notes in Computer Science, Springer Berlin/Heidelberg, pages 72-89, 2008.
  14. Parlay X: Draft ETSI ES 202 391-14 v0.0.8 (2007-06), Open Service Access (OSA), Parlay X Web Services, Part 14: Presence (Parlay X 2) (2007)
  15. Rosenberg, J., Request for Comments: 3856, A Presence Event Package for the Session Initiation Protocol (SIP), August 2004 (2004)
  16. Rosenberg, J., Request for Comments: 5025, Presence Authorization Rules, December 2007 (2007)
  17. Sandhu, R., Ferraiolo, D., Kuhn R.: The NIST Model for Role-Based Access Control: Towards A Unified Standard. In: Proceedings of 5th ACM Workshop on Role Based Access Control, July 26-27, 2000 (2000)
  18. Singh, V.K. and Schulzrinne, H.: A Survey of Security Issues and Solutions in Presence. In: http://www1.cs.columbia.edu/vs2140/presence/prese ncesecurity.pdf (2006)
  19. UDDI Version 2.04 API Specification, UDDI Committee Specification, 19 July 2002 (2002)
  20. Urs Hengartner and Peter Steenkiste: Implementing Access Control to People Location Information, SACMAT'04, page 11-20, June 2004.
  21. Web Services Security: SOAP Message Security 1.1, (WS-Security 2004), OASIS Standard Specification, 1 February 2006 (2006)
  22. Web Services Eventing (WS-Eventing), W3C Member Submission, 15 March 2006 (2006)
  23. Zhang, Y. and Joshi, J.B.D.: UAQ: A Framework for User Authorization Query Processing in RBAC extended with Hybrid Hierarchy and Constraints. In: SACMAT'08, June, 2008, pages 83-91 (2008)
Download


Paper Citation


in Harvard Style

Li L. and Chou W. (2009). RICH PRESENCE AUTHORIZATION USING SECURE WEB SERVICES . In Proceedings of the Fifth International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, ISBN 978-989-8111-81-4, pages 29-36. DOI: 10.5220/0001842700290036


in Bibtex Style

@conference{webist09,
author={Li Li and Wu Chou},
title={RICH PRESENCE AUTHORIZATION USING SECURE WEB SERVICES},
booktitle={Proceedings of the Fifth International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,},
year={2009},
pages={29-36},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001842700290036},
isbn={978-989-8111-81-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Fifth International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,
TI - RICH PRESENCE AUTHORIZATION USING SECURE WEB SERVICES
SN - 978-989-8111-81-4
AU - Li L.
AU - Chou W.
PY - 2009
SP - 29
EP - 36
DO - 10.5220/0001842700290036