Federation of Services from Autonomous Domains with Heterogeneous Access Control Models

  • Abdramane Bah
  • Pascal André
  • Christian AttiogbéEmail author
  • Jacqueline Konate
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1166)


Service-oriented architectures implemented by web services technologies provide standardized protocols for communicating and sharing information across organizational boundaries. The access control of shared services becomes an essential requirement for a secure federation of services. The identity federation provides part of the response by allowing users to authenticate once in an organization and to access the services of others with its authorization information or attributes. However, in a federation, the organizations may have different access control models and authorization attributes with different or even incompatible semantics. Interoperability between the access control models becomes crucial to the federation of services. Existing federated access control solutions are based on the single sign-on with common authorization attributes or the identity mapping that is not scalable in a service-oriented environment. In this paper, we propose a cross-organizational access control method for the federation of services protected by heterogeneous access control models. Our method is based on a new federation architecture that responds to the heterogeneity of authorization attributes via independent attributes introduced at the federation level.


SOA Service composition Federation Access control Attribute mapping Federated single sign-on 


  1. 1.
    OASIS: Reference Architecture Foundation for Service Oriented Architecture Version 1.0, 04 December 2012Google Scholar
  2. 2.
    OASIS: Web Services Federation Language (WS-Federation) Version 1.2. Standard, 22 May 2009Google Scholar
  3. 3.
    International Telecommunication Union: Baseline identity management terms and definitions, 04 April 2010Google Scholar
  4. 4.
    Fabian, B., Kunz, S., MüLler, S., GüNther, O.: Secure federation of semantic information services. Decis. Support Syst. 55(1), 385–398 (2013)CrossRefGoogle Scholar
  5. 5.
    Hafeez, K., Rajpoot, Q., Shibli, A.: Interoperability among access control models. In: 2012 15th International Multitopic Conference (INMIC), 111–118, IEEE, Islamabad, December 2012Google Scholar
  6. 6.
    Preuveneers, D., Joosen, W., Ilie-Zudor, E.: Policy reconciliation for access control in dynamic cross-enterprise collaborations. Enterp. Inform. Syst. 12(3), 279–299 (2018)CrossRefGoogle Scholar
  7. 7.
    Hu, V.C., et al.: Guide to attribute based access control (ABAC) definition and considerations. Technical report NIST SP 800–162, National Institute of Standards and Technology, January 2014Google Scholar
  8. 8.
    Beer Mohamed, M.I., Hassan, M.F., Safdar, S., Saleem, M.Q.: Adaptive security architectural model for protecting identity federation in service oriented computing. J. King Saud Univ. - Comput. Inf. Sci. (2019)Google Scholar
  9. 9.
    Kallela, J.: Federated identity management solutions. T-110.5190 Seminar on Internetworking (2008) Google Scholar
  10. 10.
    Menzel, M., Wolter, C., Meinel, C.: Access control for cross-organisational web service composition. J. Inf. Assur. Secur. 2(3), 155–160 (2007)Google Scholar
  11. 11.
    Dikmans, L., Van Luttikhuizen, R.: SOA made simple discover the true meaning behind the buzzword that is “service oriented architecture”. Packt Pub, Birmingham (2013). OCLC: 847034163Google Scholar
  12. 12.
    Papazoglou, M.P.: Web Services: Principles and Technology. Pearson/Prentice Hall, Harlow (2008). OCLC: 255863191Google Scholar
  13. 13.
    Duan, N.: Design principles of a federated service-oriented architecture model for net-centric data sharing. J. Defense Model. Simul.: Appl. Methodol. Technol. 6(4), 165–176 (2009)CrossRefGoogle Scholar
  14. 14.
    Decat, M., Van Landuyt, D., Lagaisse, B., Joosen, W.: On the need for federated authorization in cross-organizational e-health platforms. In: Proceedings of the 8the international conference on Health Informatics, vol. 8, pp. 540–546 (2015)Google Scholar
  15. 15.
    Haguouche, S., Jarir, Z.: Managing heterogeneous access control models cross-organization. In: Lopez, J., Ray, I., Crispo, B. (eds.) CRiSIS 2014. LNCS, vol. 8924, pp. 222–229. Springer, Cham (2015). Scholar
  16. 16.
    Fragoso-Rodriguez, U., Laurent-Maknavicius, M., Incera-Dieguez, J.: Federated identity architectures. In: Proceedings of 1st Mexican Conference on Informatics Security (MCIS 2006), p. 8 (2006)Google Scholar
  17. 17.
    BAH, A., André, P., Attiogbé, C., Konaté, J.: Federated access control in service oriented architecture. Research report, LS2N, Université de Nantes, April 2019Google Scholar
  18. 18.
    Bertino, E., Martino, L., Paci, F., Squicciarini, A.: Security for Web Services and Service-Oriented Architectures. Springer, Heidelberg (2010). CrossRefGoogle Scholar
  19. 19.
    Aruna, S.: Security in web services- issues and challenges. Int. J. Eng. Res. V5(09) (2016). IJERTV5IS090245Google Scholar
  20. 20.
    Singhal, A., Winograd, T., Scarfone, K.A.: Guide to secure web services. Technical report NIST SP 800–95, National Institute of Standards and Technology, Gaithersburg, MD (2007)Google Scholar
  21. 21.
    Jasiul, B., Sliwa, J., Piotrowski, R., Goniacz, R., Amanowicz, M.: Authentication and authorization of users and services in federated SOA environments - challenges and opportunities, p. 13 (2010)Google Scholar
  22. 22.
    Rubio-Medrano, C.E., Zhao, Z., Doupe, A., Ahn, G.J.: Federated access management for collaborative network environments: framework and case study. In: Proceedings of the 20th ACM Symposium on Access Control Models and Technologies - SACMAT 2015, pp. 125–134. ACM Press, Vienna (2015)Google Scholar
  23. 23.
    Na, L., Yun-Wei, D., Tian-Wei, C., Chao, W., Yang, G., Yu-Chen, Z.: Cross-domain authorization management model for multi-levels hybrid cloud computing. Int. J. Secur. Appl. 9(12), 357–366 (2015)Google Scholar
  24. 24.
    Diniz, T., Felippe, A.C.D., Medeiros, T., Silva, C.E.D., Araujo, R.: Managing access to service providers in federated identity environments: a case study in a cloud storage service. In: 2015 XXXIII Brazilian Symposium on Computer Networks and Distributed Systems, pp. 199–207. IEEE, Vitoria, May 2015Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Abdramane Bah
    • 1
    • 2
  • Pascal André
    • 1
  • Christian Attiogbé
    • 1
    Email author
  • Jacqueline Konate
    • 2
  1. 1.LS2N CNRS UMR 6004University of NantesNantesFrance
  2. 2.FST-USTTBUniversity of Science and Technology of BamakoBamakoMali

Personalised recommendations