Lourdes Marco scite author profile

Lourdes Marco

5Publications

62Citation Statements Received

110Citation Statements Given

How they've been cited

How they cite others

110

Affiliations

Universidad Politécnica de Madrid

Publications

Order By: Most citations

A model to enable application-scoped access control as a service for IoT using OAuth 2.0

Fernández

Alonso

Marco

et al. 2017

View full text Add to dashboard Cite

Abstract-Access Control is crucial for security management, but in the context of the Internet of Things it cannot be implemented the same way as traditional systems do. Indeed, devices that make the Internet of Things impose some constraints that encourage the design of new access control mechanisms, which should provide flexibility of configuration, as well as support several authorization scopes at the same time, yet being computationally light, dynamic and scalable in order to be ready for the forthcoming Cloud Computing paradigm. In this paper we propose an authorization model that is based on the OAuth 2.0 protocol. From the point of view of the identity provider, this model allows managing roles and permissions for an application-scoped authorization, to enable more flexible scenarios in which multiple tenants take part. With regard to devices, the OAuth 2.0 makes authorization extremely light, because all the required information is provided with a token. Considering all this, authorization management is completely delegated to an external system, so that an as-a-service access control mechanism is provided. The proposed model complies with the security, flexibility and performance requirements that are needed in the Internet of Things paradigm.

show abstract

IAACaaS: IoT Application-Scoped Access Control as a Service

et al. 2017

View full text Add to dashboard Cite

access control is a key element when guaranteeing the security of online services. However, devices that make the Internet of Things have some special requirements that foster new approaches to access control mechanisms. Their low computing capabilities impose limitations that make traditional paradigms not directly applicable to sensors and actuators. In this paper, we propose a dynamic, scalable, IoT-ready model that is based on the OAuth 2.0 protocol and that allows the complete delegation of authorization, so that an as a service access control mechanism is provided. Multiple tenants are also supported by means of application-scoped authorization policies, whose roles and permissions are fine-grained enough to provide the desired flexibility of configuration. Besides, OAuth 2.0 ensures interoperability with the rest of the Internet, yet preserving the computing constraints of IoT devices, because its tokens provide all the necessary information to perform authorization. The proposed model has been fully implemented in an open-source solution and also deeply validated in the scope of FIWARE, a European project with thousands of users, the goal of which is to provide a framework for developing smart applications and services for the future Internet. We provide the details of the deployed infrastructure and offer the analysis of a sample smart city setup that takes advantage of the model. We conclude that the proposed solution enables a new access control as a service paradigm that satisfies the special requirements of IoT devices in terms of performance, scalability and interoperability.

show abstract

Enhancing University Services by Extending the eIDAS European Specification with Academic Attributes

et al. 2020

View full text Add to dashboard Cite

The European electronic IDentification, Authentication and trust Services (eIDAS) regulation makes available a solution to ensure the cross-border mutual recognition of electronic IDentification (eID) mechanisms among Member States. However, the basic set of attributes currently provided by each country only contains citizens’ personal and legal attributes, preventing e-services to take full advantage of citizens’ domain-specific information, such as academic or medical data. In this article, we propose an extension of the eIDAS specification to support academic attributes as part of citizens’ profiles. In addition, we present an architecture to enable the connection of eIDAS nodes to national attribute providers to enrich citizens’ profiles with additional academic attributes. We have deployed the eIDAS extension in the specific case of the Spanish eIDAS infrastructure, and we have connected it to an attribute provider of the Technical University of Madrid (UPM). We have also improved a set of institutional services of that university by enabling the connection to eIDAS and enhancing the features offered to students based on their academic profiles retrieved from the eIDAS extended infrastructure. Finally, we have evaluated the resulting services thanks to real students from two different countries, concluding that the widespread adoption of the proposed solution in the academic services of European universities will greatly improve their quality and usability.

show abstract

An Identity Model for Providing Inclusive Services and Applications

2019

View full text Add to dashboard Cite

Information and Communication Technologies (ICT) need to be accessible for every single person in the globe. Governments and companies are starting to regulate products and services to ensure digital accessibility as a mandatory requirement. A recent example is the European standard EN 301 549, where the functional accessibility requirements for ICT products and services are defined. Especially on the Web, these standards must be integrated throughout the development processes, where the selected architecture models play an essential role. Starting from a model that is based on the OAuth 2.0 protocol, and that allows the complete delegation of authorization (so that an as a service access control mechanism is provided), this paper propose an identity model for providing inclusive services and applications. The model takes advantage of the users’ profiles and their functional attributes to determine how to serve web interfaces to them in a specific service. Those attributes are entirely flexible, and can be defined linked to users’ functional capabilities, or even a particular skill. We have implemented the proposed model as an extension of an existing open source Identity Manager and tested it with a real use case deployment. We conclude that the proposed solution enables a new identity paradigm that allows service providers to design their interfaces satisfying the diversity requirements in terms of design and development.

show abstract

Improval of an Educational Platform Through the Integration of an Extensible E-Learning Authoring Tool

López-Pernas¹,

Benito²,

Marco³

et al. 2018

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Lourdes Marco

A model to enable application-scoped access control as a service for IoT using OAuth 2.0

IAACaaS: IoT Application-Scoped Access Control as a Service

Enhancing University Services by Extending the eIDAS European Specification with Academic Attributes

An Identity Model for Providing Inclusive Services and Applications

Improval of an Educational Platform Through the Integration of an Extensible E-Learning Authoring Tool

Contact Info

Product

Resources

About