Toward principles for the design of ontologies used for knowledge sharing
International Journal of Human-Computer Studies - Special issue: the role of formal ontology in the information technology
Design of a Role-Based Trust-Management Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Methodologies, tools and languages for building ontologies: where is their meeting point?
Data & Knowledge Engineering
Decentralized Trust Management
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Attributed Based Access Control (ABAC) for Web Services
ICWS '05 Proceedings of the IEEE International Conference on Web Services
Identity management on converged networks: a reality check
Proceedings of the 15th international conference on World Wide Web
Safety in automated trust negotiation
ACM Transactions on Information and System Security (TISSEC)
Pellet: A practical OWL-DL reasoner
Web Semantics: Science, Services and Agents on the World Wide Web
An XML Alternative for Performance and Security: ASN.1
IT Professional
A representation model of trust relationships with delegation extensions
iTrust'05 Proceedings of the Third international conference on Trust Management
Graphical representation of authorization policies for weighted credentials
ACISP'06 Proceedings of the 11th Australasian conference on Information Security and Privacy
Towards Trustworthy Delegation in Role-Based Access Control Model
ISC '09 Proceedings of the 12th International Conference on Information Security
Decentralized semantic threat graphs
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
Hi-index | 0.00 |
When delegation is implemented using the attribute certificates in a Privilege Management Infrastructure (PMI), it is possible to reach a considerable level of distributed functionality. However, the approach is not flexible enough for the requirements of ubiquitous environments. The PMI can become a too complex solution for devices such as smartphones and PDAs, where resources are limited. In this work we present an approach to solve the previous limitations by defining a second class of attributes, called domain attributes, which are managed directly by users and are not right under the scope of the PMI, thus providing a light solution for constrained devices. However, we relate the two classes of attributes are related by defining a simple ontology. While domain attribute credentials are defined using SAML notation, global attributes are defined using X.509 certificates. For this reason, we additionally introduce XSAML so that both kinds of credentials are integrated. We also introduce the concept of Attribute Federation which is responsible for supporting domain attributes and the corresponding ontology.