Reconciling role based management and role based access control
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
DEXA '03 Proceedings of the 14th International Workshop on Database and Expert Systems Applications
Trust Negotiations: Concepts, Systems, and Languages
Computing in Science and Engineering
Trust Infrastructure for Policy based Messaging In Open Environments
WETICE '05 Proceedings of the 14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise
Super-sticky and declassifiable release policies for flexible information dissemination control
Proceedings of the 5th ACM workshop on Privacy in electronic society
Coordinating access control in grid services
Concurrency and Computation: Practice & Experience - Middleware for Grid Computing: Future Trends (MGC2006)
Foundations for group-centric secure information sharing models
Proceedings of the 14th ACM symposium on Access control models and technologies
An advanced policy based authorisation infrastructure
Proceedings of the 5th ACM workshop on Digital identity management
Proceedings of the 2009 ACM workshop on Secure web services
Distributed middleware enforcement of event flow security policy
Proceedings of the ACM/IFIP/USENIX 11th International Conference on Middleware
Group-Centric Secure Information-Sharing Models for Isolated Groups
ACM Transactions on Information and System Security (TISSEC)
Data usage control enforcement in distributed systems
Proceedings of the third ACM conference on Data and application security and privacy
| Hi-index | 0.00 |
Existing policy enforcement points (PEPs) typically call a local policy decision point (PDP) running at the local site, either embedded in the application, or running as a local stand alone service. In distributed applications, the PDPs at each site do not usually coordinate decision making amongst themselves, and do not pass policies between themselves. Thus it becomes very difficult to enforce "sticky" policies such as privacy policies and obligations at all the sites in a distributed application. This paper looks at different ways in which the PEPs and PDPs of a distributed application may share policies between themselves so as to enforce "sticky" policies throughout a distributed application. Three alternative models are described, the Application Protocol Enhancement Model, the Encapsulating Security Layer Model and the Back Channel Model. The strengths and weaknesses of the three models are evaluated, and we compare them to prior research in the field.