A Semantic-Aware Context-Based Access Control Framework for Mobile Web Services
As computing technology becomes more pervasive and mobile services are deployed, applications will need flexible access control mechanisms. Unlike traditional approaches based on the identity/role for access control, access decisions for these applications will depend on the combination of the required attributes of users and the contextual information. This paper proposes a semantic-aware context-based access control framework (called SA_CBAC) to be applied in mobile web services environment by combining semantic web technologies with context-based access control mechanism. In order to handle context information in the framework, this paper proposes a context ontology to represent contextual information and employ it in the inference engine. This paper also focuses on access control policies and addresses these issues by representing context, user attributes and resource attributes in knowledge base and extending XACML to incorporate the knowledge base.