A procedure model for the development of an authorization architecture, which spans different IT systems and organizational units, is presented. Based on a conceptual discussion of authorization and authorization architecture, existing approaches are discussed. As basic requirements for authorization architecture, a theoretical foundation and a transparent derivation of the procedure model and ...

Several models of authorization have been proposed for object-oriented databases supporting diierent levels of granularity. However, these models do not support authorization based on database contents and context. A way of handling context and content-dependent authorization is by using views. In this paper, we present a model of authorization, based on a view model proposed by Bertino 4], tha...

Because information flow control mechanisms often rely on an underlying authorization mechanism, their security guarantees can be subverted by weaknesses in authorization. Conversely, the security of authorization can be subverted by information flows that leak information or that influence how authority is delegated between principals. We argue that interactions between information flow and au...

This paper describes an access control model based on X.509v3 certi cates for user authorization on HTTP servers secured by SSL. The authorization model presented is based on the concept of authentication roles , that are the handlers that identify a single certi cate (or a group of them) inside the access control list (ACL). The separation between authentication (role mapping) and authorizatio...

Service-oriented architecture (SOA) is widely recognized as an especially effective solution for integrating loosely coupled and distributed resources. One of the major challenges in developing SOAbased applications is the management of authorization requirements in distributed environments. This paper proposes a formal authorization model based on a role-based access control model to demonstra...

Real-world applications routinely make authorization decisions based on dynamic computation. Rea-soning about dynamically computed authority is challenging. Integrity of the system might be compro-mised if attackers can improperly influence the authorizing computation. Confidentiality can also becompromised by authorization, since authorization decisions are often based on sensitive...

Modern authorization systems span domains of administration, rely on many different authentication sources, and manage complex attributes as part of the authorization process. This paper presents Cardea, a distributed system that facilitates dynamic access control, as a valuable piece of an inter-operable authorization framework. First, the authorization model employed in Cardea and its functio...

A workflow-based RBAC model for web services (WFRBAC4WS) has been proposed in this paper. The model organizes web services in different autonomous domains through workflow mechanism, and maps RBAC model to tasks of workflow model. The paper details the authorization procedure of WFRBAC4WS model, the lifetime management, the extension of authorization constraint and the formal descriptions of th...

This paper presents a formal model that interprets authorization policy behaviors. The model establishes a connection of applying authorization policies on an administration domain with dissecting the domain into the authorized, denied, and undefined divisions. This connection enables us to analyze authorization policy development problems such as policy merge, inconsistency, ambiguity, and red...