Autonomic computing and communication has become a new paradigm for dynamic service integration and resource sharing in today's ambient networks. Devices and systems need to dynamically collaborate and federate with little known or even unknown parties in order to perform everyday tasks. Those devices and systems act as independent nodes that autonomously manage and enforce their own security policies.Thus in autonomic pervasive communications clients may not know a priori what access rights they need in order to execute a service nor service providers know a priori what credentials and privacy requirements clients have so that they can take appropriate access decisions.To solve this problem we propose a negotiation scheme that protects security and privacy interests with respect to information disclosure while still providing effective access control to services. The scheme proposes a negotiation protocol that allows entities in a network to mutually establish sufficient access rights needed to grant a service.
Business Processes for Web Servic es (BPEL4WS) ar e the new paradigms for lightweight ente rprise int egr ation. They cross organizational boundaries and are provided by enti t ies th at see each other just as business partners. Web services require shi ft in the access cont rol mechanism : from identity-based access control to trust management and negotiation , but thi s is not enough for cross organizational bu sin ess processes. For many businesses no partner may guess apriori what kind of credentials will be sent by clients and clients may not know apriori which credent ials ar e required for complet ing a business process. We pro pose a logical fram ework for reasoning about access cont rol for BPEL4WS and a BP EL4WS based impl ementation usin g Collaxa server . Our model is based on int eraction a nd exchange of requ ests for supplying or declining missing crede nt ials. We identify th e formal reasoning services (deduction, a bd uct ion, consiste ncy checking) th at charact erise th e problem and discuss their impl ementation.
Digital Ecosystems is the new paradigm for dynamic IT business integration. A Digital Ecosystem consists of institutions that compete, collaborate, and form stable or unstable federations. Such a dynamic environment becomes a bottleneck for identity management solutions. Existing solutions are either too restricting and not flexible enough to support the dynamic nature of ecosystems or they are too complex and difficult to adopt by Small and Medium-size Enterprises (SMEs).This paper presents an identity management model for automated processing of identity information between distributed ecosystem partners. The model emphasizes on its practical, clear and easy to deploy framework. The model is based on the new OASIS SAML standard to provide interoperability and convergence between existing identity technologies. The paper presents the basic and extended identity models for single services and service compositions.The aim of this research is to allow SMEs to use and enhance their current identity technology with a practical and easy to implement identity management solution that scales up to the dynamic and distributed nature of digital ecosystems.
Nowadays, more-and-more cyber-security training is emerging as an essential process for the lifelong personnel education in organizations, especially for those which operate critical infrastructures. This is due to security breaches on popular services that become publicly known and raise people’s security awareness. Except from large organizations, small-to-medium enterprises and individuals need to keep their knowledge on the related topics up-to-date as a means to protect their business operation or to obtain professional skills. Therefore, the potential target-group may range from simple users, who require basic knowledge on the current threat landscape and how to operate the related defense mechanisms, to security experts, who require hands-on experience in responding to security incidents. This high diversity makes training and certification quite a challenging task. This study combines pedagogical practices and cyber-security modelling in an attempt to support dynamically adaptive training procedures. The training programme is initially tailored to the trainee’s needs, promoting the continuous adaptation to his/her performance afterwards. As the trainee accomplishes the basic evaluation tasks, the assessment starts involving more advanced features that demand a higher level of understanding. The overall method is integrated in a modern cyber-ranges platform, and a pilot training programme for smart shipping employees is presented.
Interactive access control allows a server to compute and communicate on the fly the missing credentials to a client and to adapt its responses on the basis of presented and declined credentials. Yet, it may disclose too much information on which credentials a client needs. Automated trust negotiation allows for a controlled disclosure on which credentials a client has during a mutual disclosure process. Yet, it requires prearranged policies and sophisticated strategies. How do we bootstrap from simple security policies a comprehensive interactive trust management and negotiation scheme that combines the best of both worlds without their limitations? This is the subject of the present paper.
Abstract. We present the Entity Name System (ENS), an enabling infrastructure, which can host descriptions of named entities and provide unique identifiers, on large-scale. In this way, it opens new perspectives to realize entity-oriented, rather than keyword-oriented, Web information systems. We describe the architecture and the functionality of the ENS, along with tools, which all contribute to realize the Web of entities.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
334 Leonard St
Brooklyn, NY 11211
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.