The cloud based systems offer Software as a Service (SaaS). This provides users a standard, robust, scalable & affordable software which they can access anytime from anywhere. The whole software may be composed of many small services which can be provided by different collaborating cloud service providers. The Service represents a software component that has the potential of reuse. In secured systems, Access Control Mechanism is very frequently used to restrict information flow to unauthorized users. Access Control Mechanism can be provided as a service so that it can be integrated with Software as a Service application. An Attribute Based Access Control (ABAC) mechanism is fine-grained, dynamic & scalable method to control access of the resources. A comprehensive policy can be deployed to specify access control rules. Policy Machine architecture can be used for policy specification and enforcement. Here we present an XML based framework to provide ABAC mechanism as a service based on Policy Machine architecture.

Access Control, Attribute Based Access Control, Service, Service Oriented Architecture, Policy Machine, XML

[1] V.C. Hu et al., “Guide to Attribute Based Access Control (ABAC) Definition and Considerations”, NIST Special Publication 800-162, USA, pp.4-14, 2014.
[2] D. Ferraiolo, V. Atluri, S. Gavrila, “The Policy Machine: a Novel Architecture and Framework for Access Control Policy Specification and Enforcement”, Journal of Systems Architecture, Vol.57, No.4, pp.412-424, 2011.
[3] D.R. Kuhn, E.J. Coyne, T.R. Weil, “Adding Attributes to Role Based Access Control”, IEEE Computer, Vol.43, No.6, pp.79-81, 2010.
[4] J. Park, R. Sandhu, “The UCONabc usage control model”, ACMTransactions on Information and System Security, Vol.5, No.6, pp.128-174, 2007.
[5] E. Damiani ; S.D.C. di Vimercati ; P. Samarati, “New paradigms for access control in open environments”, In The Proceedings of the Fifth IEEE International Symposium on Signal Processing and Information Technology (ISSPIT 2005), Athens, Greece, pp.540-545, 2005.
[6] P. Bonatti, P. Samarati, “Regulating service access and information release on the web”, In The Proceedings of the 7th ACM conference on Computer and communications security (CCS 2000), Athens, Greece, pp.134-143, 2000.
[7] P. Bonatti, P. Samarati, “A uniform framework for regulating service access and information release on the web”, Journal of Computer Security, Vol.10, No.3, pp.241-271, 2002.
[8] T. Yu, X. Ma, M. Winslett, “Prunes: an efficient and complete strategy for automated trust negotiation over the internet”, In The Proceedings of the 7th ACM conference on Computer and communications security (CCS 2000), Athens, Greece, pp.210-219, 2000.
[9] T. Yu, M. Winslett, K.E. Seamons, “Interoperable strategies in automated trust negotiation”, In The Proceedings of the 8th ACM conference on Computer and communications security (CCS 2001), Philadelphia, USA, pp.146-155, 2001.
[10] T. Yu, M. Winslett, K.E. Seamons, “Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation”, Journal of ACM Transactions on Information and System Security (TISSEC), Vol.6, No.1, pp.1-42, 2003.
[11] L. Wang, D. Wijesekera, S. Jajodia, “A logic based framework for attribute based access control”, In The Proceedings of the 2004 ACM workshop on Formal methods in security engineering (FMSE 2004), Washington DC, USA, pp.45-55, 2004.
[12] E. Yuan, J. Tong, “Attributed based access control (ABAC) for web services”, In The Proceedings of the IEEE International Conference on Web Services (ICWS 2005), Washington DC, USA, pp.561-569, 2005.
[13] I. F. Cruz, R. Gjomemo, P. Lin, M. Orsini, “A location aware role and attribute based access control system”, In The Proceedings of the 16th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems (ACM GIS 2008), California, USA, pp.527-528, 2008.
[14] X. Jin, R. Krishnan, R. Sandhu, “A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC”, N. Cuppens-Boulahia et al. (Eds.): DBSec 2012, LNCS 7371, Frankfurt, Germany, pp.41-55, 2012.
[15] M. Gudgin et al., “SOAP Version 1.2 Part 1: Messaging Framework (Second Edition)”, W3C Recommendation, USA, pp. 1-10, 2007.
[16] M. Gudgin, N. Mendelsohn, M. Nottingham, H. Ruellan, “SOAP Message Transmission Optimization Mechanism”, W3C Recommendation, USA, pp. 1-5, 2005.
[17] S. Graham, D. Hull, B. Murray, “Web Services Base Notification 1.3”, OASIS Standard, USA, pp. 1-68, 2006.
[18] R. Chinnici, J. Moreau, A. Ryman, S. Weerawarana, “Web Services Description Language (WSDL) Version 2.0 Part 1: Core Language”, W3C Recommendation, USA, pp. 1-17, 2007.
[19] R. Chinnici, H. Haas, A. A. Lewis, J. Moreau, D. Orchard, S. Weerawarana, “Web Services Description Language (WSDL) Version 2.0 Part 2: Adjuncts”, W3C Recommendation, USA, pp. 1-22, 2007.
[20] T. Agarwal, N. Sharma, “Efficient Load Balancing Using Restful Web Services in Cloud Computing: A Review”, International Journal of Scientific Research in Computer Sciences and Engineering, Vol.6, No.3, pp.67-70, 2018.
[21] A. A. Ekre, N. M. Nimbarte, S.V. Balamwar, “An Empirical Proposition to Load Balancing Effectuate on AWS Hybrid Cloud”, International Journal of Scientific Research in Computer Sciences and Engineering, Vol.6, No.4, pp.9-17, 2018.
[22] R. Bhavani, K. S. Suganya, D.Y. Priyanka, “Autonomous PHR Sharing: A Patient Centric Scalable and Flexible e-Healthcare Framework”, International Journal of Scientific Research in Network Security and Communication, Vol.6, No.2, pp.11-14, 2018.
[23] P. Devi, “Attacks on Cloud Data: A Big Security Issue”, International Journal of Scientific Research in Network Security and Communication, Vol.6, No.2, pp.15-18, 2018.