Attributed based access control (ABAC) for Web services

For companies and government agencies alike, the emergence of Web services technologies and the evolution of distributed systems toward service oriented architectures (SOA) have helped promote collaboration and information sharing by breaking down "stove-piped" systems and connecting them via loosely coupled, interoperable system-to-system interfaces. Such architectures, however, also bring about their own security challenges that require due consideration. Unfortunately, the current information security mechanisms are insufficient to address these challenges. In particular, the access control models today are mostly static and coarsely grained; they are not well-suited for the service-oriented environments…