Separating Between Trust and Access Control Policies: A necessity for Web Applications

Authors

  • M. Mahoui
  • B. Bhargava
  • Y. Zhong
Abstract

As security is the key to success for Web Applications, most of the efforts that have been put in this domain have focused on winning users’ trust to adopt the Web environment for their business operations. Although user trust is of paramount importance for Web applications, one also needs to consider Web applications’ trust towards users, hereafter referred to as user trustworthiness. This paper explains why management of trust/mistrust is an increasing security issue in the Web environment and proposes an authorization architecture framework that clearly separates between access control policies and mistrust management. It also describes a model that evaluates trustworthiness of users trust towards its integration in the authorization process.


Similar resources

A model for specification, composition and verification of access control policies and its application to web services

Despite significant advances in the access control domain, requirements of new computational environments like web services still raise new challenges. Lack of appropriate method for specification of access control policies (ACPs), composition, verification and analysis of them have all made the access control in the composition of web services a complicated problem. In this paper, a new indepe...


CONFIDENTIAL DRAFT: Path-based Access Control for Enterprise Networks

Enterprise networks are ubiquitous and increasingly complex. The mechanisms for defining security policies in these networks have not kept up with the advancements in networking technology. In most cases, system administrators must define policies on a per-application basis, and subsequently, these policies do not interact. For example, there is no mechanism that allows a firewall to communica...


Web services access control architecture incorporating trust

Purpose – This paper seeks to investigate how the concept of a trust level is used in the access control policy of a web services provider in conjunction with the attributes of users. Design/methodology/approach – A literature review is presented to provide background to the progressive role that trust plays in access control architectures. The web services access control architecture is define...


Trust management for widely distributed systems

In recent years, we have witnessed the evolutionary development of a new breed of distributed systems. Systems of this type share a number of characteristics: highly decentralized, of Internet-grade scalability, and autonomous within their administrative domains. Most importantly, they are expected to operate collaboratively across both known and unknown domains. Prime examples include peer-to-p...


Federated Authorization for Software-as-a-Service Applications

Software-as-a-Service (SaaS) is a type of cloud computing in which a tenant rents access to a shared, typically web-based application hosted by a provider. Access control for SaaS should enable the tenant to control access to data that are located at the provider based on tenant-specific access control policies. To achieve this, state-of-practice SaaS applications provide application-specific a...



Publication date: 2001