In highly open systems like the Internet, attributebased access control (ABAC) has proven its appropriateness. This is reflected in the utilization of ABAC in authentication and authorization infrastructures (AAIs). However, specification and maintenance of ABAC policies has turned out to be complex and error-prone even in federations of limited size, especially if heterogeneous attribute schemes are involved. Here, the arising Semantic Web can contribute to a solution. This paper describes an architecture for embedding the access control process into a semantic context employing external knowledge in form of ontologies. We base our proposal on extensions of established open standards. Using the approach presented, policy management at the different sites of a federation is simplified by a semantic attribute management facility.
Privacy issues have hindered centralised authentication approaches from being adopted by a wide range of users. This also applies to authorizations which suffer from privacy problems when stored and processed centrally. We present first steps towards a framework of privacy-aware handling of authorizations. We split up the storage and the processing of access control policies in a user-centric approach. We illustrate our approach at the example of a security infrastructure scenario.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.