Privacy Preserving Access Control in Service Oriented Architecture
Project Members
Rohit Ranchal, Ruchith Fernando, Zhongjun Jin, Pelin Angin, Bharat Bhargava
Rohit Ranchal, Ruchith Fernando, Zhongjun Jin, Pelin Angin, Bharat Bhargava
Abstract
Service Oriented Architecture (SOA) comprises of a number of loosely-coupled services, which collaborate, interact and share data to accomplish a task. A service invocation can involve multiple services, where each service generates, shares, and interacts with the client's data. These interactions may share data with unauthorized services and violate client's policies. The client has no means of identifying if a violation occurred and has no control or visibility on interactions beyond its trust domain. Such interactions introduce new security challenges which are not present in the traditional systems. We propose a data-centric approach for privacy preserving access control in SOA based on Active Bundles. This approach transforms passive data into an active entity that is able to protect itself. It enables dynamic data dissemination decisions and protects data throughout its lifecycle. The granularity of the data being shared with a service is determined by the client's data dissemination policy.