Team for Research in
Ubiquitous Secure Technology

ARSL: A Language for Authorization Rule Specification in Software Security
Weider D. Yu

Citation
Weider D. Yu. "ARSL: A Language for Authorization Rule Specification in Software Security". Talk or presentation, 11, October, 2007.

Abstract
Web services constitute an important part of distributed applications, providing flexibility in the development of distributed applications. One of the key challenges in Web Service security is to determine whether an authenticated user has access to only those services for which he has authorization. Since all authorization patterns for accessing resources cannot be anticipated and hence the access rules cannot be defined beforehand, implementing authorization becomes a concern. This paper describes an approach aimed at a more generalized and reusable solution which provides the flexibility to handle authorization rule updates in real time. The authorization framework is complemented by ARSL (Authorization Rule Specification Language), which is based on predicate logic.

Electronic downloads


Internal. This publication has been marked by the author for TRUST-only distribution, so electronic downloads are not available without logging in.
Citation formats  
  • HTML
    Weider D. Yu. <a
    href="http://www.truststc.org/pubs/299.html"
    ><i>ARSL: A Language for Authorization Rule
    Specification in Software Security</i></a>, Talk
    or presentation,  11, October, 2007.
  • Plain text
    Weider D. Yu. "ARSL: A Language for Authorization Rule
    Specification in Software Security". Talk or
    presentation,  11, October, 2007.
  • BibTeX
    @presentation{Yu07_ARSLLanguageForAuthorizationRuleSpecificationInSoftware,
        author = {Weider D. Yu},
        title = {ARSL: A Language for Authorization Rule
                  Specification in Software Security},
        day = {11},
        month = {October},
        year = {2007},
        abstract = {Web services constitute an important part of
                  distributed applications, providing flexibility in
                  the development of distributed applications. One
                  of the key challenges in Web Service security is
                  to determine whether an authenticated user has
                  access to only those services for which he has
                  authorization. Since all authorization patterns
                  for accessing resources cannot be anticipated and
                  hence the access rules cannot be defined
                  beforehand, implementing authorization becomes a
                  concern. This paper describes an approach aimed at
                  a more generalized and reusable solution which
                  provides the flexibility to handle authorization
                  rule updates in real time. The authorization
                  framework is complemented by ARSL (Authorization
                  Rule Specification Language), which is based on
                  predicate logic.},
        URL = {http://www.truststc.org/pubs/299.html}
    }
    

Posted by Larry Rohrbough on 16 Oct 2007.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.