A Policy Framework for Access Management in Federated Information Sharing

Authors

  • Rafae Bhatti
  • Elisa Bertino
  • Arif Ghafoor
Abstract

Current mechanisms for distributed access management are limited in their capabilities to provide federated information sharing while ensuring adequate levels of resource protection. This work presents a policy-based framework designed to address these limitations for access management in federated systems. In particular, it supports: (i) decentralized administration while preserving local autonomy, (ii) fine-grained access control while avoiding rule-explosion in the policy, (iii) credential federation through the use of interoperable protocols, with support for single sign-on for federated users, (iv) specification and enforcement of semantic and contextual constraints to support integrity requirements and contractual obligations, and (v) usage control in resource provisioning through effective session management. The paper highlights the significance of our policy-based approach in comparison with related mechanisms. It also presents a system architecture of our implementation prototype.


Similar resources

A Policy Engineering Framework for Federated Access Management

Bhatti, Rafae A. Ph.D., Purdue University, May, 2006. A Policy Engineering Framework for Federated Access Management. Major Professor: Arif Ghafoor. Federated systems are an emerging paradigm for information sharing and integration. Such systems require access management policies that not only protect user privacy and resource security but also allow scalable and seamless interoperation. Curren...


Automatic Compliance of Privacy Policies in Federated Digital Identity

Privacy [13] in the digital world is an important problem which is becoming even more pressing as new collaborative applications are developed. The lack of privacy preserving mechanisms is particularly problematic in federated identity management contexts. In such a context, users can seamlessly interact with a variety of federated web services, through the use of single-sign-on mechanisms and ...


Design and Implementation of Collaborative Ciphertext-Policy Attribute-Role based

In a real-world collaborative data sharing scenario in cloud computing, there are multiple users who can access the resource shared by multiple data owners anytime and anywhere. The evolution of user status, roles, and privilege in the federated data sharing environment become even more and more complex to handle. Efficiently managing multiple access control policies and providing appropriate a...


Managing Identity and Authorization for Community Clouds

A community cloud operates to serve multiple organizations who have entered into sharing arrangements with one or more cloud providers. Members of the participating organizations may also collaborate on shared projects, which may lead them to exercise shared control over virtual machines or other cloud-hosted resource instances. Software running in the cloud instances may serve the community me...



Publication date: 2004