ISBN (print): 9781450381048
Access control management in a collaborative environment composed of a multitude of distributed autonomous organizations is a challenging task. To answer the challenge, in this paper we propose a novel approach that incorporates semantic technologies in the Attribute-based Access Control (ABAC) approach. Building on the basic principles of ABAC, our approach allows for a highly expressive modeling of the context in which access decisions are made, by providing mechanisms to describe rich relationships among entities, which can evolve over time. In addition, our system works in a truly decentralized manner, which makes it suitable for geographically distributed enterprise systems. We show the feasibility in practice of our approach through some experimental results.
This paper proposes a semantic-based access control system for the data resources in the Open Grid Services Architecture - Data Access and Integration (OGSA-DAI). OGSA-DAI is a widely used middleware for integrating data resources in Grids. However, the identity-based access control in OGSA-DAI causes substantial overhead for the resource providers in virtual organizations (VOs), because the access control information of individual users has to be maintained by each resource provider. To solve these problems, the authors propose a semantic-based access control system using Shibboleth and ontology. Shibboleth, an attribute authorization service, is used to manage the user attributes, and the Web Ontology Language (OWL) is used to represent the ontology of the data resources and users. By using ontology, VOs can resolve the differences in their terminologies and specify access control policies based on concepts and user roles, instead of individual resources and user identities. As a result, the administration overhead of the resource providers is reduced considerably. In addition, the eXtensible Access Control Markup Language (XACML) is used to specify the access control policies uniformly across multiple VOs. The authors also developed an XACML policy administration tool that allows the administrators to create, update, and manage XACML policies. The performance analysis shows that the proposed system adds only a small overhead to the existing security mechanism of OGSA-DAI.
ISBN (print): 9783642214103
The emergence of ubiquitous mobile devices, such as mobile phones, PDAs, and laptops, has sparked the growth of mobile web services. Unlike traditional identity/role-based approaches for access control, access decisions for mobile web services will depend on the combination of the required attributes of the user and the contextual information. In addition, it is crucial that the policy system can understand and interpret the semantics of the context. This paper proposes a context-aware semantic-based access control model (called CASBAC) to be applied in a mobile web services environment by combining semantic web technologies with a context-aware policy mechanism. The proposed model adopts a context-centric policy method, grants permissions to users according to current context information, and allows high-level description of and reasoning about contexts and policies. The model-theoretic semantics of CASBAC is an extension of the model-theoretic semantics defined in the OWL standard and SWRL.