Policy decomposition for collaborative access control
- 11 June 2008
- conference paper
- Published by Association for Computing Machinery (ACM)
- p. 103-112
- https://doi.org/10.1145/1377836.1377853
Abstract
With the advances in web service techniques, new collaborative applications have emerged like supply chain arrangements and coalition in government agencies. In such applications, the collaborating parties are responsible for managing and protecting resources entrusted to them. Access control decisions thus become a collaborative activity in which a global policy must be enforced by a set of collaborating parties without compromising the autonomy or confidentiality requirements of these parties. Unfortunately, none of the conventional access control systems meets these new requirements. To support collaborative access control, in this paper, we propose a novel policy-based access control model. Our main idea is based on the notion of policy decomposition and we propose an extension to the reference architecture for XACML. We present algorithms for decomposing a global policy and efficiently evaluating requests.
This publication has 9 references indexed in Scilit:
- Attribute-Based Access Control with Hidden Policies and Hidden Credentials. IEEE Transactions on Computers, 2006
- Role-based access management for ad-hoc collaborative sharing. Published by Association for Computing Machinery (ACM), 2006
- Automated Decomposition of Access Control Policies. Published by Institute of Electrical and Electronics Engineers (IEEE), 2005
- Verification and change-impact analysis of access-control policies. Published by Association for Computing Machinery (ACM), 2005
- Certificate-based authorization policy in a PKI environment. ACM Transactions on Information and System Security, 2003
- First experiences using XACML for access control in distributed systems. Published by Association for Computing Machinery (ACM), 2003
- Oblivious signature-based envelope. Published by Association for Computing Machinery (ACM), 2003
- Models for coalition-based access control (CBAC). Published by Association for Computing Machinery (ACM), 2002
- Policies and roles in collaborative applications. Published by Association for Computing Machinery (ACM), 1996