The popularity of REST grows more and more and so does the need for fine-grained access control for RESTful services. Attribute Based Access Control (ABAC) is a very generic concept that covers multiple different access control mechanism. XACML is an implementation of ABAC based on XML and is established as a standard mechanism. Its flexibility opens the opportunity to specify detailed security...

Ubiquitous computing (ubicomp) demands new security and privacy enhancing technologies for the new information and communication environments where a huge number of computers interact with each other in a distributed and ad hoc manner to access various resources and services. This paper surveys emerging security and privacy enhancing technologies, focusing on access control in ubiquitous comput...

The universal adoption of the Internet requires a fine grained access control in the sharing of sensitive resources. However, existing access control mechanisms are inflexible and do not help in alleviating the management task of administrating users’ access to resources based on security policies. In this paper, we propose an approach to implement fine-grained access control based on RBAC whil...

In large databases, creating user interfaces for browsing or performing insertion, deletion or modification of data is very costly in terms of programming. In addition, each modification of an access control policy causes many potential and unpredictable side effects which cause rule conflicts or security breaches that affect the corresponding user interfaces as well. While changes to access co...

Web services represent a challenge and an opportunity for organizations wishing to expose product and services offerings through the Internet. The Web service technology provides an environment in which service providers and consumers can discover each other and conduct business transactions through the exchange of XML-based documents. However, any organization using XML and Web Services must e...

Service-oriented computing promotes collaboration by defining the standards layer that allows compatibility between disparate domains. Workflows, by taking advantage of the serviceoriented framework, provide the necessary tools to harness services in order to tackle complicated problems. As a result, a service is no longer exposed to a small pre-determined homogeneous pool of users; instead it ...

In this paper, we introduce EB3SEC. This language is used to express access control policies in information systems. Permissions and prohibitions are expressed with a class diagram. EB3SEC also includes a process algebra. This process algebra allows one to express specific constraints over permissions and prohibitions. Organizational constraints such as obligation and separation of duty are als...

Das Konzept der dynamischen Koalitionen beschreibt die temporäre Vernetzung autonomer Agenten, die zum Erreichen eines übergeordneten Ziels Ressourcen und Informationen miteinander teilen. Durch moderne Technologien, etwa durch Service-orientierte Konzepte, können diese Koalitionen über jegliche Systemgrenzen hinweg eingegangen werden. Insbesondere auch im Gebiet der Medizin ist die Betrachtung...

Defining and enforcing obligations are key aspects of privacy protection. Most of today’s access control and data handling languages recognize the importance of obligations and even provide extension points but lack concrete language constructs to actually express obligations. This position paper proposes requirements for a general obligation language spanning access control and usage control. ...

In this paper we propose a logic formalism that naturally supports the encoding of complex security specifications. This formalism relies on a hierarchically structured domain made of subjects, objects and privileges. Authorizations are expressed by logic rules. The formalism supports both negation by failure (possibly unstratified) and true negation. The latter is used to express negative auth...