Analysis of an Access Control System for RESTful Services

Hüffmeyer, Marc; Schreier, Ulf

doi:10.1007/978-3-319-38791-8_22

Cited by 4 publications

(2 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Hffmeyer et.al. [21] proposed an access control language for RESTful Services. Our approach follows a similar resource-centric approach, however the language in [21] is purely an access control model and does not provide any construct to capture privacy and re-sharing requirements.…”

Section: Related Workmentioning

confidence: 99%

A Policy Framework for Subject-Driven Data Sharing

Chowdhury

Colman

Han

et al. 2018

Proceedings of the 51st Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

Organizations (e.g., hospitals, university etc.) are custodians of data on their clients and use this information to improve their service. Personal data of an individual therefore ends up hosted under the administration of different data custodians. Individuals (data subjects) may want to share their data with others for various reasons. However, existing data sharing mechanisms provided by the data custodians do not provide individuals enough flexibility to share their data, especially in a cross-domain (data custodian) environment. In this paper, we propose a data sharing policy language and related framework for a data subject to capture their fine-grained data sharing requirements. This proposed language allows the data subject to define data sharing policies that consider context conditions, privacy obligations and re-sharing restrictions. Furthermore, we have implemented a prototype to demonstrate how data subjects can define their data sharing policies and how the policies can be used and enforced at runtime.

show abstract

Section: Related Workmentioning

confidence: 99%

A Policy Framework for Subject-Driven Data Sharing

Chowdhury

Colman

Han

et al. 2018

Proceedings of the 51st Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

show abstract

“…Hüffmeyer and Schreier proposed RestACL language for the protection of RESTful services [31]. Alam et al present xDAuth framework [32] that supports authorization and delegation in the RESTful service architecture, which relies on XACML as policy language [9].…”

Section: Related Workmentioning

confidence: 99%

Structuring the Scope: Enabling adaptive and multilateral authorization management

Suzic

Reiter

Marsalek

2017

2017 IEEE Conference on Communications and Network Security (CNS)

View full text Add to dashboard Cite

In this work, we examine an access scope, a concept in authorization management broadly applied for the specification of access constraints in web service integrations. By analyzing a typical use-case of crossorganizational cloud service automation, we show the suboptimal capabilities of static, coarse-grained and inflexible scopes that negatively impact security and management of service integrations on a web scale. Using the graph-based structure that relies on semantic technologies we introduce dereferenceable and selfdescriptive authorization extents that allow expressive, granular and dynamic specification of security requirements. Through its application in the running scenario, we show how this construct can be administered to support confidentiality, integrity and privacy requirements of service integrations by allowing selective information sharing based on contextual properties.

show abstract