Bachelor Thesis: A Template-based Policy Generation Interface for RESTful Web Services

As defined by the National Institute of Standards and Technology (NIST) “cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources” such as “networks, servers, storage, applications and services”. Cloud solutions imply chances for economic advantages concerning investment, administration and maintenance costs. On the downside these advantages are paid dearly with a loss of autonomy; configuration and authorization functionalities are dictated by the service providers. The increase of participating actors represents recent privacy, security and legal issues for service providers and users. The different interests of all involved stakeholders raise a need for distributed access control functionalities which consider the various restrictions of the stakeholders.

This thesis will design and realize a web interface by the help of which a service user will be able to express fine-grained access control policies concerning his resources that he stores in various web services. Therefore, an overview of existing distributed access control solutions and standards will be given as well as their implementation. A particular focus is set on the eXtensible Access Control Markup Language (XACML) which is a standard for distributed access control, developed by the Organization for the Advancement of Structured Information Standards (OASIS). By following the XACML standard the web interface will be realized within the XACML component model. A user’s requirements will be retrieved via the web interface and translated into a complete XACML policy. Test scenarios will be defined for which policies will be generated, those will be tested for syntactical and semantical correctness. Further, the usability of the web interface will be evaluated.


Supervisor: Sebastian Zickau, Dirk Thatmann

Type:  Bachelor Thesis

Duration: 4 months

