ARSL: A Language for Authorization Rule Specification in Software Security

ARSL: A Language for Authorization Rule Specification in Software Security
Weider D. Yu

Citation
Weider D. Yu. "ARSL: A Language for Authorization Rule Specification in Software Security". Talk or presentation, 11, October, 2007.

Abstract
Web services constitute an important part of distributed applications, providing flexibility in the development of distributed applications. One of the key challenges in Web Service security is to determine whether an authenticated user has access to only those services for which he has authorization. Since all authorization patterns for accessing resources cannot be anticipated and hence the access rules cannot be defined beforehand, implementing authorization becomes a concern. This paper describes an approach aimed at a more generalized and reusable solution which provides the flexibility to handle authorization rule updates in real time. The authorization framework is complemented by ARSL (Authorization Rule Specification Language), which is based on predicate logic.

Electronic downloads

Internal. This publication has been marked by the author for TRUST-only distribution, so electronic downloads are not available without logging in.

Citation formats

HTML

Weider D. Yu. <a
href="http://www.truststc.org/pubs/299.html"
><i>ARSL: A Language for Authorization Rule
Specification in Software Security</i></a>, Talk
or presentation,  11, October, 2007.

Plain text

Weider D. Yu. "ARSL: A Language for Authorization Rule
Specification in Software Security". Talk or
presentation,  11, October, 2007.

BibTeX

@presentation{Yu07_ARSLLanguageForAuthorizationRuleSpecificationInSoftware,
    author = {Weider D. Yu},
    title = {ARSL: A Language for Authorization Rule
              Specification in Software Security},
    day = {11},
    month = {October},
    year = {2007},
    abstract = {Web services constitute an important part of
              distributed applications, providing flexibility in
              the development of distributed applications. One
              of the key challenges in Web Service security is
              to determine whether an authenticated user has
              access to only those services for which he has
              authorization. Since all authorization patterns
              for accessing resources cannot be anticipated and
              hence the access rules cannot be defined
              beforehand, implementing authorization becomes a
              concern. This paper describes an approach aimed at
              a more generalized and reusable solution which
              provides the flexibility to handle authorization
              rule updates in real time. The authorization
              framework is complemented by ARSL (Authorization
              Rule Specification Language), which is based on
              predicate logic.},
    URL = {http://www.truststc.org/pubs/299.html}
}

Posted by Larry Rohrbough on 16 Oct 2007.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.