Policy management architecture based on provisioning model and authorization certificates
Authors: 
Arlindo L. Marcon, Jr., Altair O. Santin, Luiz A. de Paula Lima, Jr., Maicon StihlerAuthors Info & Claims
Arlindo L. Marcon, Jr., Altair O. Santin, Luiz A. de Paula Lima, Jr., Maicon StihlerAuthors Info & ClaimsPages 1594 - 1598
Abstract
The unified management of user rights and access control policies in a corporation with many units is not easy to implement. Moreover, most of the distributed access control systems are complex and heterogeneous, making it hard to maintain a unified control over all fine grained policies employed by each unit. This paper proposes a unified administration of policies for corporation environments by applying a management scheme based on authorization certificates. These certificates allow the derivation of new fine grained policies in the domain of each unit, assuring that no corporation policies will be violated. These new policies update automatically the corporation repository, preserving the unified management of user rights, and then update the corresponding policy repository of each unit. Our proposal provides a real loosely coupled policy management scheme using a serverless public key infrastructure and the Web Services technology. The prototype shows the proposal viability.
References
[1]
OASIS. Web Services Security: SOAP Message Security 1.1 - WS-Security v 1.1. Access: Sep. 2007. Available at: http://www.oasis-open.org/specs/index.php#wssv1.1.
[2]
OASIS. WS-Trust 1.3 Access: Sep. 2007. Available at: http://www.oasis-open.org/specs/index.php#wstrustv1.3.
[3]
W3C. Web Services Policy Access: April 2008. Available at: http://www.w3.org/TR/ws-policy/.
[4]
OASIS. WS-SecurityPolicy v 1.2. Access: Jan. 2008. Available at: http://www.oasis-open.org/specs/index.php#wssecpolv1.2.
[5]
W3C. XML Key Management Specification - XKMS v 2.0. Access: Sep. 2007. Available at: http://www.w3.org/TR/ xkms2/.
[6]
OASIS. Service Provisioning Markup Language - SPML v 2. Access: Sep. 2007. Available at: http://www.oasis-open.org/specs/index.php#spmlv2.0.
[7]
OASIS. Assertions and Protocols for the OASIS Security Assertion Markup Language - SAML v 2.0. Access: Sep. 2007. Available at: http://www.oasis-open.org/specs/index.php#samlv2.0.
[8]
OASIS. eXtensible Access Control Markup Language - XACML v 2.0. Access: Sep. 2007. Available at: http://www.oasis-open.org/specs/index.php#xacmlv2.0.
[9]
C. Ellison, B. Frantz, B. Lampson, R. L. Rivest, B. Thomas, and T. Ylonen. SPKI Certificate Theory. RFC 2693, 1999.
[10]
NIST. Entity Authentication Using Public Key Cryptography. FIPS PUB 196. Access: Sep. 2007. Available at: http://csrc.nist.gov/publications/fips/fips196/fips196.pdf.
[11]
OASIS. SAML 2.0 profile of XACML v2.0 Access: Sep. 2007. Available at: http://www.oasis-open.org/specs/index.php#samlv2.0.
[12]
A. Morcos, "A Java Implementation of Simple Distributed Security Infrastructure," in EECS. Master Dissertation. Massachusetts Institute of Technology, 1998.
[13]
E. R. Mello and J. S. Fraga, "Mediation of Trust across Web Services," in ICWS'05. IEEE, 2005.
[14]
S. Hai-bo and H. Fan, "An Attribute-Based Access Control Model for Web Services," in proceedings of PDCAT'06, IEEE, 2006.
Index Terms
- Policy management architecture based on provisioning model and authorization certificates
Recommendations
DPMF: A policy management framework for heterogeneous authorization systems in grid environments
Content management and delivery through P2P-based content networksIn order to enable an open Grid environment to support organized resource sharing between multiple heterogeneous Virtual Organizations (VOs), we need to tackle the challenges of dynamic membership of VOs and trust relationships between the VOs. We ...
An advanced policy based authorisation infrastructure
DIM '09: Proceedings of the 5th ACM workshop on Digital identity managementWe describe a more advanced authorisation infrastructure for identity management systems which in addition to the traditional Policy Enforcement Point (PEP) and Policy Decision Point (PDP) has an application independent policy enforcement point (AIPEP), ...
Formal specification and management of security policies with collective group obligations
Obligations are an essential element of security policies since they enable the specification of many security requirements such as availability, privacy, usage control and data protection. In everyday life, the fulfillment of obligations is often the ...
Comments
Information & Contributors
Information
Published In
March 2009
2347 pages
Copyright © 2009 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 08 March 2009
Check for updates
Author Tags
Qualifiers
- Research-article
Conference
SAC09
Sponsor:
Acceptance Rates
Overall Acceptance Rate 1,650 of 6,669 submissions, 25%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 199Total Downloads
- Downloads (Last 12 months)1
- Downloads (Last 6 weeks)0
Reflects downloads up to 09 Aug 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in