Advanced Policies for the Administrative Delegation in Federated Environments

Pérez, Manuel Gil; López, Gabriel; Skarmeta, Antonio F.; Pasic, Aljosa

doi:10.1109/depend.2010.20

Cited by 5 publications

(6 citation statements)

References 4 publications

(4 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, revocation process is not specified in this model 5. Advanced Policies for the Administrative Delegation in Federated Environments: Manuel et al [14] presented delegation solution for educational federated environment. Human to Human and Human to Machine delegation is provided in this model by creating policies based on XACML for each participating institution.…”

Section: Oasis Xacml Administration and Delegationmentioning

confidence: 99%

Taxonomy of Delegation Model

Ali¹,

Habiba²,

Shibli³

2015

2015 12th International Conference on Information Technology - New Generations

View full text Add to dashboard Cite

Protection of shared data from unauthorized users is the most challenging problem of cyber security for which different access control models have been introduced. However, to provide flexibility in access control models, access rights are delegated within a single security domain or across multiple security domains for different collaborative activities. To the best of our knowledge, there is no published standard for delegation models. Therefore, organizations are unable to evaluate existing delegation models when they have to choose appropriate solution that best satisfies their business requirements. In this paper, we have done literature survey and presented the taxonomy of delegation model, which classifies and elaborates the different features, concepts and scenarios of delegation. Presented taxonomy has been used, in this paper, as an assessment criterion for the evaluation of existing delegation models. Finally, we have compared these models against our taxonomy. Our presented taxonomy is very useful to understand the basic delegation concepts and may be first step toward standardization process.

show abstract

Section: Oasis Xacml Administration and Delegationmentioning

confidence: 99%

Taxonomy of Delegation Model

Ali¹,

Habiba²,

Shibli³

2015

2015 12th International Conference on Information Technology - New Generations

View full text Add to dashboard Cite

show abstract

“…In particular, this topic is often described in the context of federated and collaborative environments. Perez et al [41] focus on automatic generation of policies for administrators using an XACML-based framework. The authors present an algorithm for correlating these relational ACPs, thus automating the development of a shared policy.…”

Section: Related Workmentioning

confidence: 99%

“…Leighton and Barbosa [40] study the complexities of relating existing security and ACPs over several heterogeneous databases maintained in a federated environment. Bhatti et al [42] go beyond the work of Perez et al [41] by describing a policy engineering framework for providing federated access control. These proposed policies reside at the query level of a database, contrary to the work proposed in this paper, which describes access control decisions at the data service level.…”

Section: Related Workmentioning

confidence: 99%

“…These proposed policies reside at the query level of a database, contrary to the work proposed in this paper, which describes access control decisions at the data service level. Also, in the domain of federated environments, Perez et al and Bhatti et al both describe federated access management systems to provide security through access control. Perez et al focus on automatic generation of policies for administrators using an XACML‐based framework.…”

Section: Related Workmentioning

confidence: 99%

“…Also, in the domain of federated environments, Perez et al and Bhatti et al both describe federated access management systems to provide security through access control. Perez et al focus on automatic generation of policies for administrators using an XACML‐based framework. They illustrate a solution that separates the concerns of the system administrators and the delegates of the system, similar to our work, which isolates the tasks between the technical and non‐technical stakeholders.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Fine‐grained filtering to provide access control for data providing services within collaborative environments

Brown

Hayes

Allison

et al. 2013

Concurrency and Computation

View full text Add to dashboard Cite

A data providing service (DPS) in service-oriented architecture is tasked only with the retrieval of data that are annotated over a domain ontology. One particular motivating application of DPSs is their use within collaborative environments. An important characteristic for the enterprises of such a collaborative environment is the ability to employ data sharing with one another. A major concern in this situation is the protection of each enterprise's privacy while still permitting data sharing. One potential solution is to provide filtered data through access control. This work describes how to implement access control through fine-grained filtering of DPS response messages; it is accomplished using a filtering ontology and relations between the domain ontology of DPS and the proposed filtering ontology. Therefore, enterprises can write enterprise-specific access control policies referencing a common filtering ontology defined within a collaborative environment, enabling access control-based data sharing within the environment. This work additionally illustrates the implementation of our general solution to data providing web services, interpreted by an eXtensible Access Control Markup Language-based access control framework. The implementation is further evaluated in a case study of real world data, provided by a health research institute in London, Canada.K. BROWN ET AL. product. Should data sharing be required within this domain, the data services must also provide some security measures, such as access control policies (ACPs). These policies should reference the shared concepts to maintain the privacy of each enterprise. This is not an easy task as each enterprise may have existing ACPs. The need for specialized data services is emphasized by Carey [5]. Carey outlines a very simplified architecture showing how data services are used by business processes in order to facilitate access to data objects while also suggesting that new methodologies and tools need to be developed for data service modeling as data services are likely to remain important to applications.The data service contract in non-semantic SOA only describes a service syntactically and thus requires human input to semantically interpret the contract. As a result of this, semantic extensions to SOA have been proposed that annotate conventional services to promote interoperability [6][7][8][9]. Services that specialize in retrieving data and are annotated with semantics are termed data providing services (DPSs). A DPS extends a conventional SOA service by providing a DPS profile that semantically annotates the service's contract using a parameterized view over a domain ontology. A domain ontology is a shared, formal description of data that is supported by computational logic for inference; resource description framework schema (RDFS) [10] and Web Ontology Language (OWL) [11] are two potential representations for ontologies on the Web. By semantically annotating a DPS, it is able to be semantically discovered, mediated, and composed.Current me...

show abstract

Trust and Compliance Management Models in Emerging Outsourcing Environments

Pasic

Bareño

Gallego-Nicasio

et al. 2010

IFIP Advances in Information and Communication Technology

Self Cite

View full text Add to dashboard Cite

Businesses today have more than ever a sharp focus on reducing capital and operational expenses. Business Process Outsourcing (BPO), Knowledge Process Outsourcing (KPO) and adoption of shared service models have all increased on a global scale. This results in an emerging complexity and volatility of business relationships. As the future internet of services evolves towards dynamic "service marketplaces", where shared services are discovered, negotiated and choreographed at run-time, the new approaches to the compliance management in complex environments are needed. We argue that one of the key issues to address is trust. This paper describes the compliance management models in emerging outsourcing environments that include use of shared services such as cloud computing services. In this context, we briefly present MASTER project that, among other things, integrates several mechanisms to increase the trust levels among stakeholders. Finally, we present a solution for the automated evidence collection at the service provider site and discuss related trust issues.

show abstract

Advanced Policies for the Administrative Delegation in Federated Environments

Cited by 5 publications

References 4 publications

Taxonomy of Delegation Model

Taxonomy of Delegation Model

Fine‐grained filtering to provide access control for data providing services within collaborative environments

Trust and Compliance Management Models in Emerging Outsourcing Environments

Contact Info

Product

Resources

About