A dynamic context-aware access control architecture for e-services

The universal adoption of the Internet and the emerging web services technologies constitutes the infrastructure that enables the provision of a new generation of e-services and applications. However, the provision of e-services through the Internet imposes increased risks, since it exposes data and sensitive information outside the client premises. Thus, an advanced security mechanism has to be incorporated, in order to protect this information against unauthorized access. In this paper, we present a context-aware access control architecture, in order to support fine-grained authorizations for the provision of e-services, based on an end-to-end web services infrastructure. Access permissions to distributed web services are controlled through an intermediary server, in a completely transparent way to both clients and protected resources. The access control mechanism is based on a Role-Based Access Control (RBAC) model, which incorporates dynamic context information, in the form of context constraints. Context is dynamically updated and provides a high level of abstraction of the physical environment by using the concepts of simple and composite context conditions. Also, the paper deals with implementation issues and presents a system that incorporates the proposed access control mechanism in a web services infrastructure that conform to the OPC XML-DA specification.