A Security Framework for Access Control in Web Services

In this article, we focus on one of the important aspects of Service Oriented Architecture (SOA), which is access control. The article presents the security requirements that must be followed and it presents a conceptual model of requirements in this field based on the needs. Then since different models such as IBAC ، RBAC ، ABAC and RAdAC have been presented so far, we try to present comparison between existing models is presented. After it the ABAC model’s structure that is more compatible with SOA is described and there is a comparison between the model and the RBACmodel. Since the most important way in implementing SOA is the use of web services, in this article we proposed an architecture for web services in access control to protected services and to adopt some policies on the applications based on ABAC model and SAML standard and XACML languages. Thepossible activity in the architecture and the implementation stages are explained using use case diagram and sequence diagram in.