Context-Dependent Access Control for Web-Based Collaboration Environments with Role-Based Approach

Wolf, Ronald de; Schneider, Markus

doi:10.1007/978-3-540-45215-7_22

Cited by 11 publications

(5 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Access privileges can also be linked to the method through which users authenticates themselves to the system (e.g. password versus biometrics) [20,26]. These previous works have shown that it is possible to augment existing security mechanisms with the ability to utilise contextual information to further enhance their security capabilities.…”

Section: Context Awareness Acquisition and Usagementioning

confidence: 96%

A context-constrained authorisation (CoCoA) framework for pervasive grid computing

et al. 2008

View full text Add to dashboard Cite

The paper discusses access control implications when bridging Pervasive and Grid computing, and analyses the limitations of current Grid authorisation solutions when applied to Pervasive Grid environments. The key authorisation requirements for Pervasive Grid computing are identified and a novel Grid authorisation framework, the context-constrained authorisation framework CoCoA, is proposed. The CoCoA framework takes into account not only users' static attributes, but also their dynamic contextual attributes that are inherent in Pervasive computing.It adheres to open Grid standards, uses a modular layered approach to complement existing Grid authorisation systems, and inter-works with other Grid security building blocks. A prototype implementation of the CoCoA framework is presented and its performance evaluated.

show abstract

Section: Context Awareness Acquisition and Usagementioning

confidence: 96%

A context-constrained authorisation (CoCoA) framework for pervasive grid computing

et al. 2008

View full text Add to dashboard Cite

show abstract

“…In recent years various contributions have been made to the subjects of access control models and collaborations between organizations. A context-dependent RBAC model [1] has been proposed for enforcing access control in web-based collaboration environments. Organization-based access control (OrBAC) [2] was constructed using an RBAC model as the concrete level, and OrBAC in this case refers to common organizational contextual entities at the abstract level.…”

Section: Related Workmentioning

confidence: 99%

Approaches to access control policy comparison and the inter-domain role mapping problem

Xiang

Wang³

et al. 2016

ITC

View full text Add to dashboard Cite

The requirement to develop an organization makes collaboration with other organizations necessary, so the organizations can share resources to perform common tasks. Different organizational domains use different access control models to protect their resources from unauthorized access. Organizational collaboration is an important goal for distributed computing paradigms, but policy inconsistencies between domains will cause problems in a collaboration model that add to the problems involved in constructing the collaboration model itself. These problems provide the two challenges that motivate the research presented here: (1) the construction of a collaboration model across multiple domains protected by different access control models; and (2) ensuring that the access control policy used by a participating domain contains no inconsistencies; (3) we also present our new approach to solving the inter-domain role mapping (IDRM) problem, i.e., to determine the minimal role set that covers requested permissions from a collaborating domain. We also analyse our algorithms, present the results of our tests, and compare our results with the results of existing approaches.

show abstract

“…Nitsche et al [1998] gives a high-level description of a system extension that was implemented to consider context information for authorization decisions in medical workflows. Wolf and Schneider [2003] suggests to consider the authentication method that was applied to identify a particular subject (e.g., password-based versus certificate-based authentication) as context information to assign/activate certain roles. In Kang et al [2001], an approach for access control in interorganizational workflows is suggested, and Bertino et al [1999] presents a wellelaborated language and algorithms to express and enforce constraints, which ensure that all tasks within a workflow are performed by predefined users/roles.…”

Section: Related Workmentioning

confidence: 99%

An integrated approach to engineer and enforce context constraints in RBAC environments

Strembeck

Neumann

2004

ACM Trans. Inf. Syst. Secur.

View full text Add to dashboard Cite

We present an approach that uses special purpose role-based access control (RBAC) constraints to base certain access control decisions on context information. In our approach a context constraint is defined as a dynamic RBAC constraint that checks the actual values of one or more contextual attributes for predefined conditions. If these conditions are satisfied, the corresponding access request can be permitted. Accordingly, a conditional permission is an RBAC permission that is constrained by one or more context constraints. We present an engineering process for context constraints that is based on goal-oriented requirements engineering techniques, and describe how we extended the design and implementation of an existing RBAC service to enable the enforcement of context constraints. With our approach we aim to preserve the advantages of RBAC and offer an additional means for the definition and enforcement of fine-grained context-dependent access control policies.

show abstract

Context-Dependent Access Control for Web-Based Collaboration Environments with Role-Based Approach

Cited by 11 publications

References 16 publications

A context-constrained authorisation (CoCoA) framework for pervasive grid computing

A context-constrained authorisation (CoCoA) framework for pervasive grid computing

Approaches to access control policy comparison and the inter-domain role mapping problem

An integrated approach to engineer and enforce context constraints in RBAC environments

Contact Info

Product

Resources

About