Research And Implimentation On Methods Of Authorization Policy Conflict Detection In Composite Services

Access control is the critical technology to ensure the reliable access in the composite web services environment, and authorization policy is one of the key issues that guarantee the functioning of the access control system. CWS-RBAC model is used to realize the access control between users and composite web services-in this paper. In the CWS-RBAC model, users are allocated a proper role called subject role to reflect the users’ level in the account system, and their resources (mainly composite web services) can be. accessed by object role. Authorization policies manage the access control by describing the authorization relationship between the subject role and object role in CWS-RBAC. Administrator permits or denies a subject role’s request of accessing an object role by making an authorization policy.. Since the administrator may face massive scale of authorization policies in the composite web services environment, a new policy’added may conflict with existing ones and thus result in authorization chaos and authorization leaking. In order to detect the policy conflict in CWS-RBAC, features of the authorization policy are analyzed, and methods of detecting policy conflict are introduced, including subject role propagation conflict detection, object role composition conflict detection and context conflict detection. Furthermore, prototype system is designed to validate the performance of these detections.