6th International Conference on Internet Technology and Secured Transactions, 11-14 December 2011, Abu Dhabi, United Arab Emirates

Toward an Abstract Language on Top of XACML for Web Services Security aDepartment of Computer Science and Mathematics, Lebanese American University, Beirut, Lebanon b Department of Computer Engineering, Khalifa University of Science, Technology & Research, Abu Dhabi, UAE CDepartment of Computer Science, Kuwait University, Kuwait b Azzam Mourada, Hadi Otrok , Hamdi YahyaouiC and Lama Baajoura

Abstract-We introduce in this paper an abstract language on top of XACML (eXtensible Access Control Markup Language) for web services security. It is based on the automatic generation of XACML security policies from abstract XACML profile(s). Our proposed approach allows first to specify the XACML profiles, which are then translated using our intended compiler into XACML security policies. The main contributions of our approach are:

(1)

Describing dynamic security policies using an

abstract and user friendly profile language on top of XACML,

(2)

generating automatically the the XACML policies and

(3)

separating the business and security concerns of composite web services, and hence developing them separately. Our solution address the problems related to the complexity and difficulty of specifying security policies in XACML and other standard languages. We tested the feasibility of our approach by developing the library system (LB) that is composed of several Web services and applying/realizing our approach to enforce security. Keywords. Web Services Security; XACML; Security Policies; RBAC.

The Security Assertion Markup Language (SAML) [2], WS­ Security [3] and WS-XACML [4] are the most successful ones. The main problems with such language-based strategies is the difficulty and expertise needed for specifying the