Delegation of access rights in multi-domain service compositions

Bussard, Laurent; Nano, Anna; Pinsdorf, Ulrich

doi:10.1007/s12394-009-0031-5

Cited by 14 publications

(8 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Machine to Machine: This form of delegation is performed between two software applications (or agents), where one application delegate its gained privileges to another application. This form may be performed for authentication in service composition scenario [15] as shown in Fig. 3, where Facebook delegate subset of rights to Skype, on user data with the consent of user.…”

Section: A Delegation Formsmentioning

confidence: 99%

“…"Revocation" is used to take away delegated rights from delegatee in two ways namely; forced revocation or auto revocation [15]. In forced revocation, delegator can revoke delegated privileges any time he wants.…”

Section: G Delegation Characteristicsmentioning

confidence: 99%

“…Delegation of access rights in multi-domain service compositions: Laurent et al [15] focused on delegation in service composition scenarios. In this model, delegation can be driven by delegatee and delegator to provide Human to Human and Human to Machine delegation, respectively.…”

Section: Oasis Xacml Administration and Delegationmentioning

confidence: 99%

See 2 more Smart Citations

Taxonomy of Delegation Model

Ali¹,

Habiba²,

Shibli³

2015

2015 12th International Conference on Information Technology - New Generations

View full text Add to dashboard Cite

Protection of shared data from unauthorized users is the most challenging problem of cyber security for which different access control models have been introduced. However, to provide flexibility in access control models, access rights are delegated within a single security domain or across multiple security domains for different collaborative activities. To the best of our knowledge, there is no published standard for delegation models. Therefore, organizations are unable to evaluate existing delegation models when they have to choose appropriate solution that best satisfies their business requirements. In this paper, we have done literature survey and presented the taxonomy of delegation model, which classifies and elaborates the different features, concepts and scenarios of delegation. Presented taxonomy has been used, in this paper, as an assessment criterion for the evaluation of existing delegation models. Finally, we have compared these models against our taxonomy. Our presented taxonomy is very useful to understand the basic delegation concepts and may be first step toward standardization process.

show abstract

Section: A Delegation Formsmentioning

confidence: 99%

Section: G Delegation Characteristicsmentioning

confidence: 99%

See 1 more Smart Citation

Taxonomy of Delegation Model

Ali¹,

Habiba²,

Shibli³

2015

2015 12th International Conference on Information Technology - New Generations

View full text Add to dashboard Cite

show abstract

“…Distributed approaches usually introduce sophisticated architecture layers and coordinative protocols that service providers must implement to establish integrated interaction [3,12,18]. The information flow control in distributed approach is enforced in a distributed manner.…”

Section: Related Workmentioning

confidence: 99%

An information flow control approach in composite services

Chen

Wang

et al. 2013

IET International Conference on Information and Communications Technologies (IETICT 2013)

View full text Add to dashboard Cite

Distributed information flow control has several advantages over centralized information flow control for securing composite services in service oriented environments. In this paper, an approach of distributed information flow control which utilizes security labels to convey control information is considered. At first, security labels are formally defined to describe the control information of information flow control. The computation method of security labels is presented as well. Secondly, a label-based information flow control protocol, namely LBIFC, is presented. This protocol is based on request/decision protocol between service providers. Thirdly, both the theoretical analysis and experimental validation of proposed LBIFC are provided. The results show that our solution not only keeps the security capabilities of information flow control, but also reduces the complexity of flow control protocol in composite services.

show abstract

“…A common principle is to dynamically bind services hosted in different security domains and by different legal entities. We refer to this as "cross-domain service composition" [7]. In many cases, a distributed system might involve the processing of personal data and thus requires privacy-enhancing technologies [16].…”

Section: Motivationmentioning

confidence: 99%

Abstract Privacy Policy Framework: Addressing Privacy Problems in SOA

Bussard

Pinsdorf

2012

Open Problems in Network Security

Self Cite

View full text Add to dashboard Cite

Abstract. This paper argues that privacy policies in SOA needs a lifecycle model. We formalize the lifecycle of personal data and associated privacy policies in Service Oriented Architectures (SOA), thus generalizing privacy-friendly data handling in cross-domain service compositions. First, we summarize our learning in two research projects (PrimeLife and SecPAL for Privacy) by proposing generic patterns to enable privacy policies in SOA. Second, we map existing privacy policy technologies and ongoing research work to the proposed abstraction. This highlights advantages and shortcomings of existing privacy policy technologies when applied to SOA.

show abstract

Delegation of access rights in multi-domain service compositions

Cited by 14 publications

References 16 publications

Taxonomy of Delegation Model

Taxonomy of Delegation Model

An information flow control approach in composite services

Abstract Privacy Policy Framework: Addressing Privacy Problems in SOA

Contact Info

Product

Resources

About