Scalable Access Control For Web Services

Gayatri Swamynathan
Department of Computer Science
UC Santa Barbara, CA 93106

Tyler Close, Sujata Banerjee, Rick McGeer
HP Labs
Palo Alto, CA 94043

Ben Zhao, Kevin Almeroth
Department of Computer Science
UC Santa Barbara, CA 93106

Controlling access to a large distributed service is a potentially 
error prone process that may negatively impact request throughput 
and usability. Our Authorization-Based Access Control (or ABAC) URL
rewriter solves this problem by providing locally verifiable
authorizations and delegation tracking compatible with common web 
tools. Our access control mechanism is reusable, distributed and 
meets the scaling requirements of large distributed services. We 
demonstrate the successful operation of our proposed mechanism on 
HP's real-time network monitoring and measurement web service, S3.