An Authorization Framework for Sharing Data in Web Service Federations

نویسندگان

  • Martin Wimmer
  • Alfons Kemper
چکیده

In this paper we present our authorization framework that supports the dynamic set-up of Web service federations for sharing data within virtual federations. Building on previous work, where we showed how the access control of Web services can be consolidated with the access control of the underlying database systems, we focus on the delegation of trust across administrative boundaries, thus enabling interorganizational collaboration. In order to restrict the flow of (possibly sensitive) access control information, authorization proceeds as an interplay of local and distributed policy enforcement. Scalability and performance of distributed policy enforcement are provided through caching techniques, which have to ensure strong cache consistency.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

How to deal with credentials in federations without global connectivity

In mobile and pervasive computing environments, not all devices have universal capabilities. To fulfill a certain task, it is often necessary to federate devices with specific resources. Because some devices are mobile, devices from different trust domains may have to interact with each other, and potentially sensitive data may flow from one domain into another. This interaction obviously requi...

متن کامل

A Proposal for Extending the Eduroam Infrastructure with Authorization Mechanisms

Identity federations are emerging in the last years in order to make easier the deployment of resource sharing environments among organizations. One common feature of those environments is the use of access control mechanisms based on the user identity. However, most of those federations have realized that user identity is not enough to offer a more grained access control and value added servic...

متن کامل

TITLE: Deploying Authorization Mechanisms for Federated Services in eduroam (DAMe)

Identity federations are emerging in the last years in order to make easier the deployment of resource sharing environments among organizations. One common feature of those environments is the use of access control mechanisms based on the user identity. However, most of those federations have realized that user identity is not enough to offer a more grained access control and value added servic...

متن کامل

Authorization models for secure information sharing: a survey and research agenda

This article presents a survey of authorization models and considers their 'fitness-for-purpose' in facilitating information sharing. Network-supported information sharing is an important technical capability that underpins collaboration in support of dynamic and unpredictable activities such as emergency response, national security, infrastructure protection, supply chain integration and emerg...

متن کامل

Adaptive Information Analysis in Higher Education Institutes

Information integration plays an important role in academic environments since it provides a comprehensive view of education data and enables mangers to analyze and evaluate the effectiveness of education processes. However, the problem in the traditional information integration is the lack of personalization due to weak information resource or unavailability of analysis functionality. In this ...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2005