JOURNAL OF COMPUTING, VOLUME 3, ISSUE 3, MARCH 2011, ISSN 2151-9617

HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/
WWW.JOURNALOFCOMPUTING.ORG 10

Analysis of Existing Access Control Models

from Web Services Applications’ Perspective
A. Mohammad1, T. Khdour2, G. Kanaan3, , R. Kanaan4, S. Bani-Ahmad5

1 The Arab academy for Banking and financial sciences, Damascus, Syria
3, 4 The Arab academy for Banking and financial sciences, Amman, Jordan
2, 5 Al-Balqa Applied University, Salt, Jordan

Abstract—In web services environment, new requirements must be obeyed by the access control to preserve a satisfied
security level to the applications in this environment, for example the dynamic change of the previously unknown users, the
heterogeneity of the large number of users and resources, and the effects of context constraint information on the decision
making process, all of these requirements and others should be taken into account when we talk about web service access
control. In this paper the authors introduce the clearly defined access control requirements for web services, and then an
analysis of the current approaches of web service access control is made in the light of these requirements. The advantages
and limitations of the existing access control models in the context of web service environments are investigated. These new
requirements are also used as assessment criteria in our comparison study between the predominated access control models.
This paper is the first step toward web service access control model, and may be used later as guidelines to design access
control solutions for web service environment at the application level.

Index Terms— Access Control Models, Web Services, Web application security.

——————————  ——————————

1 INTRODUCTION

A S organizations increase the functionality and in-

formation offered as web services, controlling access
to these services and other resources becomes more
complex. In addition, security failures can disrupt an or-
ganization’s operations and can have legal, financial, hu-
man safety, personal privacy, and public confidence im-
pacts. Access control mechanisms are used to control the
actions, functions, applications, and operations of legiti-
mate users to protect the integrity of the information by
restricting modification to resources only to those with
the permission to do so. Access control also preserves the
confidentiality of information resources by ensuring that
information is only disclosed to users authorized to access
it. In addition, access control plays a role in availability of
the resources when unauthorized users try to perform a
denial of service attack [1],The data model behind an
access control implementation is termed “Access Control
Model” (ACM) [2], the access control model defines rela-
tionships among permissions, operations, objects, and
subjects. By time several intermediate concepts have been
introduced over the past decades to organize these rela-
tionships [3]. These new concepts are proposed based on
the emerging security requirements which must be ob-
eyed by the access control to preserve a satisfied security
————————————————
 A. Mohammad is with the Arab academy for Banking and financial
sciences, Damascus, Syria
 G. Kanaan and R. Kanaan are both with the Arab academy for Banking
and financial sciences, Amman, Jordan
 T. Khdour and S. Bani-Ahmad are both with Al-Balqa Applied University,
Salt, Jordan
level to the applications in web service environment. The
dynamic change of the previously unknown users, the
heterogeneity of the large number of users and resources,
and the effects of context constraint information, all of
these and others should be taken into consideration when
we talking about web service access control models.
Therefore, it is important to clearly specify these require-
ments and analyze the current access control models as
the first step toward addressing the future access control
solutions and as guidelines to design access control mod-
el for web services. The contributions of this paper can be
summarized as follows:
 The majority of the current security techniques (i.e. mes-
sage integrity, confidentiality, security token exchange,
message session security, security policy expression, and
security for a federation of services within a system) to
protect web services are mainly used to protect web servic-
es at the communication level. In this paper however, more
attention has been given to the access control requirements
for web services at the application level.
 This paper provides an answer to determine basic require-
ments for access control in web service environment,
which are used later as guidelines to design access control
model for web service environment at the application level.
 An analysis of current approaches of web service access
control is made in the light of the basic requirements for
access control in web service environment, the merits and
shortcomings of existing access control models in the con-
text of web service environments are investigated.
 The comparison study between the predominated access
control models is conducted which clearly indicates that
several issues in the exciting access control models can be
used as a starting point to future access control solutions.
JOURNAL OF COMPUTING, VOLUME 3, ISSUE 3, MARCH 2011, ISSN 2151-9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/
WWW.JOURNALOFCOMPUTING.ORG
The remainder of this paper is organized as follows.
Section 2 provides the requirements for the web service
access control at the application level In section 3 an anal-
ysis of the current access control models from the web
service environment perspective is introduced. Section 4
presents the assessment criteria that used to characterize
the access control models. Section 5 provides a compari-
son study between the existing access control models.
Finally, Section 6 presents some concluding remarks and
outlines future work.
2 REQUIREMENTS FOR WEB SERVICE ACCESS
CONTROL AT THE APPLICATION LEVEL.
The World Wide Web Consortium (W3C) [24] characte-
rizes web services as “A software application identified
by a URI, whose interfaces and bindings are capable of
being defined, described, and discovered as XML arti-
facts. A Web service supports direct interactions with
other software agents using XML-based messages ex-
changed via Internet-based protocols”. In this definition
the web services specified as application working in dis-
tributed, open, dynamic and heterogeneous environment,
new requirements must be taken into consideration to
specify access control for web services at application lev-
el. Most existing research has focused on specifying
access control requirements, of those studies a few have
related to web services [4; 2; 5; 6; 7; 8; 9; 10]. Based on the
previous literature and our empirical work, some of the
important aspects are highlighted. These are as follows.
 Users in the web environment are highly dynamic as they
enter and leave web service applications continuously and
their profiles change frequently over time. Users can be
anonymous due to privacy concerns as they do not wish to
disclose their identity to others. As a result, the identities
of many web service users are unknown to the system at
the time of the request. However, traditional models are
mainly authentication based and require proof of identity
or registration for effective centralized control. Such access
control paradigm has several limitations due to spontaneity
and privacy concerns, hence traditional models are not
suitable for web service applications. Therefore, it is ne-
cessary to develop none-identity-based access control
models in order to overcome such problems. As a result,
providing efficient and reliable access control for dynamic
and anonymous users is an essential requirement in the
web service environment
 Heterogeneity of objects : The access control must be able
to support access to a large number of resources of any
type. In web environment, there are a different types of re-
source from different domains, therefore security manage-
ment issues becomes extremely difficult. For example, at
the application level when a professor request to “view
student record”, access student personal details from a uni-
versity’s database system, a student photo from an image
base, a student sound print from an audio repository,, the
only concerning issue here is whether or not “View student
Record” can be accessed, and not how it is conducted at a
lower level.
 Heterogeneity of subjects: In an open web service envi-
ronment, the access control must support the access re-
11
quests by heterogeneity of users with different characteris-
tics. As the number of users increases, it becomes very dif-
ficult to specify and mange them against a large number of
protected resources. A major challenge to the security
management of an access control system is to specify au-
thorizations that involve heterogeneous users in a simple
and efficient manner.
 Content based access control: Information access may need
to be restricted based on the information content. For ex-
ample a PhD candidate student who has TOEFL test score
more than 550 can register the credit hours of his disserta-
tion, in this example the value of input parameter play a
role in determine partial access to the web service. Moreo-
ver, the content of the output parameters may reveal confi-
dential information to the user. Therefore, in order to pro-
vide controlled access to back-end resources, the contents
of the input and output parameters should be included in
access control decision making.
 Context aware access control: Information access may
need to be restricted based on contextual information ob-
tained at the time the access requests are made. Access re-
quests may be decided based on several context parame-
ters, such as time or location. An example of location pa-
rameter is user domains, which are classified by IP ad-
dresses [6], the relationship between entities such as users
and objects play also important role in access decision. For
example, professor is allowed to view all student files if
the student is in the professor's department and the student
is under the supervision of the professor. In this case the
relationship between the individual subject (professor),
who requests the access rights, and the individual object,
which is to be accessed (student records), has crucial im-
pact in making the final access control decision.
 Fine-grained access control: Traditional access control
models only provides coarse-grained such as role level
control in Role Based Access Control (RBAC), so it is dif-
ficult to model fine-grained security policy. To represent
different access control situations a fine-grained access
control is needed.
 Dynamic access control: the dynamic change in the user’s
profiles and environment conditions in web service envi-
ronment should be reflected on the access decision, so
there is a need to automate role assignment which depends
on all of the above-mentioned features. In web environ-
ments, access control decision making ought to be auto-
mated according to a variety of dynamic conditions. These
conditions include content and the context constraint. Dy-
namic role assignment saves manual administrative work
of specifying authorizations for each security subject
against each security object, hence making security man-
agement simpler and more efficient.
 Policy specification: Access control models are based on
the specification and representation of policies that govern
a dynamic and open environment. The access control mod-
el should support ways of specifying policies and an ap-
propriate syntax, pattern, or language that allows exten-
sions or modifications in a simple and transparent manner.
This eventually helps to ensure the scalability of the sys-
tem
 Policy enforcement: It is essential for the access control
models to provide means to ensure that the policies or con-
straints specified are enforced correctly.
In the next section, an analysis is conducted between
JOURNAL OF COMPUTING, VOLUME 3, ISSUE 3, MARCH 2011, ISSN 2151-9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/
WWW.JOURNALOFCOMPUTING.ORG
existing access control models in the context of web
service environment based on the above defined re-
quirements
3 ANALYSIS OF CURRENT ACCESS CONTROL
MODELS
Several access control models have been proposed since 1960
up to the writing of this paper, this section analyze the predo-
minant access control models from the web service application
perspective: Access Control Matrix, Role Based Access Control
(RBAC), Attributes Based Access Control (ABAC), Task
Based Access Control (TBAC), and Context A-ware Access
Control Models.
3.1 Access Control Matrix
Access control matrix is proposed by [11] who defines three
kinds of access-control entities: subjects, objects and access
rights which associate the subject with the protected objects by
specifying the operations that subject are allowed to perform on
objects. An access control matrix A, with rows representing
subjects, columns representing objects is used to define the
protection state. A[s, o] denotes the access rights a subject s has
over an object o. The access-checking rule of the model states
that a request by subject s for accessing object o is granted only
if A[s, o] contains the requisite right. The access control matrix
can be implemented in three ways [12]:
 Authorization Table Approach: A three columns table,
corresponding to subjects, actions, and objects, respective-
ly. Each tuple in the table corresponds to an authorization.
 Access Control List (ACL) approach: The matrix is stored
by column. Each object is associated with a list indicating,
for each subject, the actions that the subject can exercise
on the object.
 Capability Approach: The matrix is stored by row. Each
user has associated a list, called capability list, indicating,
for each object, the accesses that the user is allowed to ex-
ercise on the object.
However there are several weaknesses to the access matrix
model [3]. Some are more general, while others are particularly
due to the web services environment:
 In web services environment access rights may be related
to the content, attribute of resources, attributes of users or
other contextual Information such as time, location and
system load. While Access matrix do not account for this
situation, instead, the access decision are taken based on
one simple rule which states that a request by subject s for
accessing object o is granted only if A[s, o] contains the
requisite right without taking into account other factors.
 Access matrix model is not adequate for the environments
that contain a large number of resources and users as in
web service environment. For example, if all accesses by a
particular user need to be revoked, the administrator must
examine each access control list, one by one, and remove
the user from each list. the problem gets worse when a user
takes on different responsibilities within the organization,
so rather than simply eliminating the user from every
access control list, the administrator must determine which
permissions need to be eliminated, left in place, or altered
[13].
 In access control matrix, The capability list for each sub-
ject and the access control list for each object are deter-
mined statically by administrator, so it is necessary to
12
know the user identity previously that contradicts with the
dynamic change in users profiles in web service environ-
ment, therefore this model is unable to support the dynam-
ic change in users characteristics in web service environ-
ment.
 More sophisticated access policies such as access based on
competency, least privilege, or conflict-of-interest rules are
difficult to provide without access rights that are associated
with a subject’s credentials when performing an operation.
3.2 Role Based Access Control (RBAC)
 The main goal of role based access control proposed by
[14] is to overcome administration difficulties encountered
in large commercial organizations for which access control
matrix cannot be carried out by proposing organizational
grouping of subjects or resources. RBAC uses roles as a
basis for access control decisions which greatly simplifies
the management of the system, and provides a powerful
mechanism for reducing the complexity, cost, and potential
for error in assigning permissions to users within the or-
ganization [1]., In addition, RBAC is considered as “neu-
tral policy”, it can coexist with other policies. However,
RBAC does not entirely suit web service environment as it
suffers from weaknesses in open and dynamic environment
as following: RBAC is authentication based, this means it
depends on the previously known user’s identity, which
requires central control (registration) and proof of identity.
This identity based authentication leads to certain limita-
tions regarding the spontaneity and privacy and hence not
always desired. However, in web service environment au-
thorization based access control is needed due to the dy-
namic change in users’ characteristics without previously
known identity.
 In core RBAC [14], permission is still represented in the
form of operation - object which describes the traditional
database access paradigm. In enterprise systems, there are
a large number and types of resources, such as database
items, files, and heterogeneous hardware. When authoriza-
tions are specified by operation-object paradigm, an enter-
prise system needs to view element, view schema, destroy
and create for documents – which is inefficient. The situa-
tion becomes worse if object hierarchy and access modes
hierarchy are introduced which introduce many conflicts to
the authorization.
 As RBAC only provides coarse-grained and role level con-
trol, it is difficult to model fine-grained security policy,.
During a session, although roles can be activated or deacti-
vated based on constraints such as role conflict or prere-
quisite roles, the user’s access permission is not changed
based on context information such as time, location, and
relationships among entities which has impact factors in
deciding access rights in web service environment. Unfor-
tunately, such factors are not considered in current RBAC
model and partially used in existing RBAC extensions.
 RBAC is static model because the permissions are asso-
ciated statically with roles by an administrator and users
are made members of appropriate roles in the same man-
ner, this is not adequate for dynamic change in user charac-
teristics in open and dynamic web service environment. It
is very burden work to assign statically a large number of
users to appropriate roles and to assign different permis-
sions to a large number of resources. As a result, with the
JOURNAL OF COMPUTING, VOLUME 3, ISSUE 3, MARCH 2011, ISSN 2151-9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/
WWW.JOURNALOFCOMPUTING.ORG
heterogeneity of users and resources this problem becomes
even more complicated
3.3 Attribute Based Access Control (ABAC)
In recent years, there has been a shift to looking at attributes as
a basis for access control in a web services environment [9; 15],
ABAC provides a mechanism for representing a subject’s
access profile through a combination of the following attribute
types:
 Subject Attributes (S) which associated with a subject
that defines the identity and characteristics of that
subject.
 Resource Attributes (R) which associated with a re-
source, such as a Web service, system function, or da-
ta object.
 Environment Attributes (E) which Describes the op-
erational, technical, or situational environment or
context in which the information access occurs.
ABAC policy rules are generated as Boolean functions of S, R,
and E attributes and dictate whether a subject S can access a
resource R in a particular environment E as following:
RULE X: can_access(s,r,e) ← f (ATTR(s),ATTR( r),ATTR(e))
ABAC clearly provides an advantage over traditional
RBAC when extended into Service Oriented Architecture
(SOA) environments, which can be extremely dynamic in
nature. ABAC policy rules can be custom-defined with
consideration for semantic context and are significantly
more flexible than RBAC for fine-grained alterations or
adjustments to a subject’s access profile [16].One addi-
tional benefit to web service implementations of ABAC
lies in the nature of the loose definition of subjects. Be-
cause ABAC provides the flexibility to associate policy
rules to any actor, it can be extended to Web service soft-
ware agents as well. On the other hand the ABAC has
some drawbacks, these are as follows:
 In ABAC the permissions are assigned directly to the
users based on the attributes (user, object, environ-
ment) without the using of the role concept as inter-
mediate structure between the permissions and the
attributes, so this weaken the ability to users man-
agement.
 ABAC approach depends on policy-defined attributes to
make access control decisions, the policy is represented as
a set of rules expressed on attributes values and are granted
to users who can prove compliance with these rules, there-
fore ABAC is not a policy natural such as RBAC which
mean it is restricted to policy-defined attributes such as ex-
tensible Access Control Markup Language (XACML) [17].
3.4 Task based access control (TBAC)
TBAC uses tasks as an important parameter for access control
and authorization [18; 19]. It is an active security model that is
well suited for information processing activities where users
access data and applications in order to perform certain tasks.
TBAC approaches security management from an application
perspective rather than from a system-centric subject-object
view [19]. In the subject-object paradigm, access decision func-
tion checks whether a subject has the required permissions for
the operation, this type of permission representation has com-
13
plicated the security management of large enterprise systems
due to the heterogeneity of resources involved in authorizations.
Hence, they are not suitable for supporting a unified access
control framework that involves different types of resources
from multiple domains. However, this model suffers from the
following limitations:
 TBAC paradigm considers the temporal constraint where
access is permitted based on a just-in-time fashion for the
activities or tasks in consideration. The other constraints
are not used in this model especially the context constraint.
 Specification of complex policies, management, delega-
tion, and revocation of authorization privileges are very
primitive. More fine grained components are needed to be
defined to support dynamic environments motivated by
TBAC.
3.5 ContextA-ware Access Control
The context information associated with access request such as
time, location, session, system load, plays an important role in
access control decision, so several studies conducted to inte-
grate context information in access control models as following:
Environment Role Based Access Control Model (ERBAC):
proposed by [23], the Environment roles are proposed to cap-
ture security-relevant aspects of the environment in which an
application executes, an environment role is an abstraction for a
system states that the system can accurately collect, However, it
still remains role-centric disadvantages, security-related rela-
tionships among entities (including roles, subjects, objects, and
environments) are ignored. Hence, fine-grained security poli-
cies which may depend on individual instances of the subjects
and objects are difficult to model and specify. In addition this
model is not adequate for dynamic environment because the
permission and users are assignment statically to roles.
The Temporal RBAC (TRBAC): proposed by [20], TRBAC
Model extends the traditional RBAC model by adding timing
constraints into role activations, and provides dynamic role
assignment based on temporal constraints like time periods.
However TRBAC addressed temporal constraints for role acti-
vation only, in addition to the following drawbacks:
1. TRBAC is also role-centric and focuses on when a specific
type of role can be activated based on time and other role
activation events. Other possible events, which could also
cause roles’ permission change, are not modeled in the
TRBAC model. This model has not addressed other types
of authorization constraints besides duration constraints.
2. This model relies on user identities for authentication; it
does not support authentication and role assignment
through user credentials provided by trusted third parties.
Generalized RBAC: Moyer and Ahamad proposed generalized
RBAC in [21]., Generalized Role Based Access Control
(GRBAC) leverages and extends the power of traditional
RBAC by incorporating subject roles, object roles, and envi-
ronment roles into access control decisions. However:
1. GRBAC may not be feasible in practice because the poten-
tial large amounts of environment roles make the system
very hard to maintain manually.
2. GRBAC rely on user identities for authentication, they do
not support authentication and role assignment through us-
er credentials provided by trusted third parties.
Generalized Temporal Role Based Access Control
GTRBAC: proposed by [20], this model share the same draw-
backs of TRBAC but it supports a wide range of temporal con-
straints which can be applied to roles, user-role-assignment,
JOURNAL OF COMPUTING, VOLUME 3, ISSUE 3, MARCH 2011, ISSN 2151-9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/
WWW.JOURNALOFCOMPUTING.ORG
role-permission assignment as well as role activation, and it
allows more flexible security policies to be specified, thus pro-
viding fine-grained dynamic access control for enterprise sys-
tems.
XML-based Generalized Temporal Role-based Access Con-
trol (X-GTRBAC): proposed by [6], An XML-based specifica-
tion language is used to represent security policies in order to
achieve interoperability among different domains, it includes
credential-based access control, context aware access control,
temporal constraints and XML-based policy specification. The
XML-based web-service policy specification has enabled in-
formation sharing between different domains that were pre-
viously unachievable due to incompatible information formats.
[4] proposed a policy-based authorization framework for Web
services by integration of X-GTRBAC with an emerging Web
services policy processing model, WS-Policy [22].
Other researches such as [5]; Hulsebosch et al., 2005] fo-
cus on one type of context constraints such as location or
user intention in pervasive environment. [8] proposed a
logic-based access control approach for a web service, in
this approach, real-time access control decisions is made
based on assertions in the header of SOAP message, and
this model assigns roles to requestors with changing user
profiles, based on the trusted assertions. However, this
model do not give any attention to context constraint, [9]
extend RBAC model to secure web services in business
process, the model takes web services in business process
as protected objects instead of common system resources.
The constraints WS-RBAC are divided into two kinds:
auxiliary constraints related to enterprise and authoriza-
tion constraints such as separation of duty, so this model
did not discuss other context constraints and it focuses on
specific problem in business process.
4. ASSESSMENT CRITERIA
In this paper the assessment criteria have been derived
from tow resources; first from the web service access con-
trol requirements discussed in section 2 and from the
work done by [7]. The following summarizes the criteria
used to characterize the access control models as follows.
 Authorization based: define whether or not the access deci-
sion relies on the user identity (previously registered), in
this case the model is authentication based, on the other
hand authorization based access model considers other fac-
tors such as attributes or capability of the subject and envi-
ronment conditions when making access control decisions.
In web environments, there are many new users and ano-
nymous users; therefore identity based access control mod-
el is not suitable for protecting Web services.
 Context sensitive: context information plays an important
role in making the appropriate access decision in web envi-
ronment, thus it is important to know the degree to which
contextual information is utilized by the access control
model in order to secure the system.
 Fine grained control: the granularity of access control will
not be limited to complete web services but instances of
web services. For example if a user requests access to
some services, but only part of the service is available to
this user, simply permitting or forbidding the user request
would be inappropriate.
14
 Dynamic control: in web service environment where the
user characteristics and the access context changing con-
sciously, the access control decisions must be synchro-
nized with continuously changing security conditions, it is
desirable for the access control model to be able to handle
the dynamism of web environment.
 Permission representation: the structure of the authoriza-
tion in access control model, for example (sub-
ject.operation,object) paradigm which is used in most of
traditional access control model such as RBAC, A typical
feature of this paradigm is that privileges or permissions
are represented as approvals of access to an object in speci-
fied access modes (operation-object),
 Policy specification: Access control models are based on
the specification and representation of policies that govern
a web services environment. The model should provide
ways of specifying policies and appropriate syntax, pattern,
or language that allows extensions or modifications in a
simple and transparent manner. This helps to ensure the
scalability of the system.
 Policy enforcement: it is important for the access con-
trol model to provide means to ensure that the poli-
cies or constraints specified are enforced correctly. for
example, The dynamic context in which access re-
quests are made should be taken into account when
access control rules are defined
 Complexity:. As there is a trade off between functionality
and complexity. Complexity is considered to be an impor-
tant aspect of consideration because an overly complex
model can lead to unforeseen problems and implementa-
tion can become difficult. As a result, defines the nature of
the access control model is an important issue.
 Understandability: defines the transparency of the model
and its underlying principles. The consequences of mani-
pulation and changes of access rights should be obvious for
the proper use of the system.
 Ease of use: indicates how simple the system is from the
end user’s point of view in terms of its usage in a web en-
vironment. If the system is inconvenient to use, then there
is a chance that users will not favor it. Security systems
always bring a degree of complexity into the system, and
users need to be reassured of the ease of use of any system.
The simpler the model is, the more popular it will be.
 Applicability of an access control model is an indication of
its practicality. A good, but solely theoretical, model may
provide few benefits. An infrastructure should exist where
the model can be deployed.
5. COMPARISON OF ACCESS CONTROL MODELS
Our comparison of access control models is based on
previous analysis in section 3 and the previous assess-
ment criteria in the comparison of existing access control
model which have been introduced in the Section 3. The
assessment result is shown in Table 1. The table makes
use of comparative terminology such as Low, Medium,
and High, descriptive terminology such as Simple and the
standard Yes (Y) and No (N) terminology for characteri-
zation against the criteria. For the contextual information
criteria, Mediumx is used to identify those models that
appear to support the strongest notion of context among
those in the Medium category. Use of Low, Medium, and
JOURNAL OF COMPUTING, VOLUME 3, ISSUE 3, MARCH 2011, ISSN 2151-9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/
WWW.JOURNALOFCOMPUTING.ORG 15

High for criteria such as Complexity, Low Complexity of authorization specification and administration. Moreo-
indicates that the model is fairly simple in nature. Low ver, the using of task helps in solving the problem of ob-
has also been used to describe criteria such as contextual ject’s heterogeneity in the web environment.
information when it is not convenient to use a simple Yes 3. Access control matrix and traditional RBAC do not sup-
or No means of description. Yes and No have been used port consideration of contextual information in decision
whenever it is possible to indicate the facilitation or lack making, whereas other models (i.e. ABAC, TRBAC, X-
of facilitation of the concerned criteria by the access con- GRBAC) support varying degrees of contextual informa-
trol model. Wherever it is insufficient to simply indicate tion consideration. TRBAC, X-GTRBAC, and existing
access control models focus only on one type of constraint
the presence of support for a feature, and it is also impor-
(temporal constraint, location, and session), other types of
tant to indicate the degree to which a feature is sup-
constraints such as the relationship between entities in the
ported, Low, High, and Medium have been used. For the model should be considered in the design of future access
criterion used to define the authorization specification a control models to support a wide range of security policies.
number of symbols are used as following, s: a subject; o: a
data object ; m: access mode ; r: role; t : task; tc: temporal
constraint; attr: subject attribute; cc: context constraint. 6. CONCLUSION AND FUTURE WORK
Most of current security techniques to protect web servic-
TABLE 1 es are mainly used to protect web services at the commu-
CHARACTERIZATION OF ACCESS CONTROL MODELS FOR WEB
nication level, in this paper; we give more attention to
SERVICE ENVIRONMENT
access control models for web services at the application
Model X- TRBAC TBAC ABAC RBAC Access
Criteria GRBAC Temporal Task- Matrix
level. A number of access control requirements were de-
RBAC based fined for web services environment which may be used as
Authorization Y Y N Y N N a basis for further research in the authorization area.
based
Context sensitive Mediumx Medium Low Medium x
Low N Access control requirements have been used as a basis to
Fine grained Y Y Low Y Low N analyze the current popular access control models. Dis-
Dynamic control Y Y Y Y N N
Policy Specifica- Y Y Low Low Y Low
cussion of the pros and cons of each model in context of
tion web services environment at the application level were
Policy Enforce- Y Y Low Low Y Low introduced, then a number of assessment criteria derived
ment
Policy- (r,cc,m,o) (r,tc,m,o) (s,t) (attr,m,o) (r,m,o) (s,m,o) basically from that requirements to used in a comparison
Permission study between current access control models were also
representation
Complexity Medium Medium Medium Medium Medium Low provided, This comparison study summarize not only the
Ease of Use High High Medium Medium High Medium benefits but also the weaknesses of current models. The
Understandability Simple Simple Simple Simple Simple Simple comparison also indicates several Issues in the exciting
Applicability High High Medium High High Medium
access control models which may be used as a starting
point for future access control solutions.
The comparisons provided in Table 1 highlighted several
Issues in the existing access control models. These are as
follows:
REFERENCES
1. The traditional access matrix specifies authorization as a [1] Ferraioldo, D.; Kuhn, R.; and Chandramouli, R. (2003). “Role-based
tuple of three (S, M, and O). It is required to define autho- access control”. Computer Security Series. Artech House.
rizations for each data manipulation. The authorization [2] Decker, M. (2008). “Requirements for a Location-Based Access Control
specification for RBAC is much simpler; it assigns users to Model”, In Proceedings of MoMM 2008, Linz, Austria,346-349.
roles, hence reducing the number of authorizations by N [3] Thion, R. (2008), “access control models”, IGI Global Publication, Chap-
number of times where N is the number of users assigned ter XXXVII,318-326
to the role. This comparison clearly indicates that the using [4] Bhatti, R.; Sanz, D.; Bertino, E.; and Ghafoor, A. (2008). “A Policy-Based
of role concept in RBAC and its extension can greatly re- Authorization Framework for Web Services: Integrating X- GTRBAC
duce the complexity of authorization specification and ad- and WS-Policy”, IGI Global puplication,138-161.
ministration. In addition, the using of role helps in solving [5] Damiani, M.; Bertino, E.; Catania, B.; and Perlasca, P. (2007). “GEO-
the problem of subject’s heterogeneity in web environ-
RBAC: A Spatially Aware RBAC”, ACM Transactions on Information
ment.
and System Security, 10, 1, Article 2.
2. The task based access control TBAC has a simple authori-
[6] Bhatti, R.; Ghafoor, A.; Bertino, E.; and Joshi, J. (2005). “X-GTRBAC: An
zation specification (S and T) as it uses the tasks for de-
scribing all data objects in backend resource. Therefore, XML-Based Policy Specification Framework and Architecture for En-
the access requests to several data objects could be reduced terprise-Wide Access Control”. ACM Transactions on Information and
to single request to a one task. For instance, a professor re- System Security,. 8,. 2, 187–227.
quest to “view student record” may ultimately access stu- [7] Tolone, W.; Ahn, G.; Pai, T.; Hong, S. (2005). “Access Control in Colla-
dent personal details from a university’s database system, a borative Systems”. ACM Computing Surveys, 37, 1, 29-41.
student photo from an image base, a student sound print [8] Coetzee, M. and Eloff, J. (2004). “Towards Web Service access control”.
from an audio repository. At the application level however, Computers & Security, 559-570
the only concerning issue is whether or not “view student [9] Wang, L.; Wijesekera, D. and Jajodia, S. (2004). “A logic-based frame-
record” can be accessed, not how it is conducted at a lower work for attribute based access control”, in Proceedings of the 2004
level. Accordingly, this comparison indicates that the using ACM workshop on Formal methods in security engineering, 45–55,
of task concept in TBAC can greatly reduce the complexity
JOURNAL OF COMPUTING, VOLUME 3, ISSUE 3, MARCH 2011, ISSN 2151-9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/
WWW.JOURNALOFCOMPUTING.ORG 16

[10] Agarwal, S.; Sprick, B.; and Wortmann,S. (2004). “Credential Based
Access Control for Semantic Web Services”, In Proceedings of 2004
American Association for Artificial Intelligence Spring Symposium Se-
ries, Stanford, California, USA.
[11] Lampson, b., (1971). Protection. In 5th Princeton Symposium on Infor-
mation Science and Systems, 437–443. Reprinted in ACM Operating
Systems Review 8(1):18–24, 1974.
[12] Samarati, P. and Capitani, V. (2001). “Access Control: Policies, Models,
and Mechanisms”. Springer-Verlag Berlin Heidelberg.
[13] Gallaher, M.; O’Connor, A.; and Kropp, C. (2002). “The Economic Im-
pact of Role-Based Access Control”, Technical report prepared by RIT
for National Institute For Standards And Technology.
[14] Sandhu, R.; Coyne, E.; Feinstein, H.; and Youman, C. (1996). “Role-
Based Access Control Models”. IEEE Computer 29, 2, 38–47.
[15] Yuan, E.; Tong, J., and Hamilton (2005). “Attribute-Based Access Con-
trol (ABAC) for Web Services”. in Proceedings of the New Challenges
for Access Control Workshop.
[16] NATIONAL INSTITUTE FOR STANDARDS AND TECHNOLOGY,
(2007). Guide to Secure Web Services, NIST Special Publication 800-95.
[17] Moses, T.. (2009). “eXtensible Access Control Markup Language
(XACML) version 2.0.2005”. Retrieved October 4, 2009 from
http://docs.oasis-open.org/xacml/2.0/access control-xacml-2.0-core-
spec-os.pdf.
[18] Thomas, R. (1997). “Team-based access control (TMAC): A primitive for
applying role based access controls in collaborative environments”. In
Proceedings of the Second ACM Workshop on Role-based Access Con-
trol, Virginia, USA,13-19.
[19] Thomas, R. and Sandhu, R. (1997). “Task-based authorization controls
(TBAC): A family of models for active and enterprise-oriented authori-
zation management”. In Proceedings of the IFIP WG 11.3 Workshop on
Database Security, Lake Tahoe, California, 166-181.
[20] Bertino, E.; Bonatti, P.; and Ferrari, E. (2001). “TRBAC: A temporal role-
based access control model”. ACM Transactions on Information and
System Security (TISSEC), 4,3, 191-233.
[21] Moyer, M.; and Ahmad, M. (2001). Generalized role-based access con-
trol. In Proceedings of the 21st International Conference on Distributed
Computing Systems, Washington, D.C. 391-398.
[22] Schlimmer et al. (2006). “Web Services Policy 1.2 (WS-Policy)”. Re-
trieved October 9, 2009, from
http://specs.xmlsoap.org/ws/2005/02/trust/WS-Trust.pdf.
[23] Covington, M.; Long, W.; Srinivasan, S.; Dev, A.; Ahmad, M.; and Ab-
owd, G. (2001). “Securing context-aware applications using environ-
ment roles”. In Proceedings of the 6th ACM Symposium on Access
Control Models and Technologies (SACMAT’01). ACM Press, New
York. 10–20.
[24] WORLD WIDE WEB CONSORTIUM (W3C), http://www.w3.org.