
RBAC Framework Based on XACML Policy in WS-BPEL Process

J. Ramkumar


In a WS-BPEL process, the Extensible Access Control Markup Language (XACML) is used as an authentication tool to provide several services to an employee in an organization. Several XACML policies are used for access control in Web Services. The XACML policy is used as an RBAC profile to support role-based access control policies. In an organization, several roles are assigned to an employee based on the employee's attributes. The attributes are used as an authentication tool to assign the role and perform the task. Identity attributes, such as social security number, date of birth, etc., are used in the role provisioning policies for a particular employee. In this work, the aggregate zero-knowledge proof of knowledge (AgZKPK) and oblivious commitment-based envelope (OCBE) protocols are used during service (information) sharing between employees and to make it more flexible. This process may provide privacy for user information and support a multi-domain environment.


Keywords: Aggregate Zero-Knowledge Proof of Knowledge, Pedersen Commitment, Role Based Access Control, Security.


This work is licensed under a Creative Commons Attribution 3.0 License.