Negotiating and delegating obligations

Authors:
Meriam Ben-Ghorbel-Talbi;Frédéric Cuppens;Nora Cuppens-Boulahia
Affiliations:
Institut TELECOM/Telecom Bretagne, Cedex, France;Institut TELECOM/Telecom Bretagne, Cedex, France;Institut TELECOM/Telecom Bretagne, Rennes, France
Venue:
Proceedings of the International Conference on Management of Emergent Digital EcoSystems
Year:
2010

Citing 15
Cited 0

Towards a logical formalization of responsibility

Proceedings of the 6th international conference on Artificial intelligence and law
Formal Characterizations of Active Databases: Part II

DOOD '97 Proceedings of the 5th International Conference on Deductive and Object-Oriented Databases
Author Obliged to Submit Paper before 4 July: Policies in an Enterprise Specification

POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
Delegation of Obligations

POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Obligation Monitoring in Policy Management

POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
The UCONABC usage control model

ACM Transactions on Information and System Security (TISSEC)
Cassandra: Flexible Trust Management, Applied to Electronic Health Records

CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Obligation Policies: An Enforcement Platform

POLICY '05 Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks
Distributed usage control

Communications of the ACM - Privacy and security in highly dynamic systems
On the modeling and analysis of obligations

Proceedings of the 13th ACM conference on Computer and communications security
Modeling contextual security policies

International Journal of Information Security
Consent-Based Workflows for Healthcare Management

POLICY '08 Proceedings of the 2008 IEEE Workshop on Policies for Distributed Systems and Networks
An Extended Role-Based Access Control Model for Delegating Obligations

TrustBus '09 Proceedings of the 6th International Conference on Trust, Privacy and Security in Digital Business
A delegation model for extended RBAC

International Journal of Information Security
Analysis of privacy and security policies

IBM Journal of Research and Development

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we describe a security model where users are allowed to control their obligations partially or totally, depending on the security policy. The main motivation of our work is to design more flexible systems that take into account users' requirements in order to avoid obligation violations and therefore sanctions. In our model, users are able to negotiate or delegate their obligations in the case of incapacity to fulfill them. This is an important aspect to be considered, since it is common that, at work or in everyday life, a user may need to negotiate the fulfillment of a given obligation, or also need the help of others to perform a task on his/her behalf. This may be due to several reasons such as absence, vacation, conflict of interest, lack of time, of resource, of competence or simply for the sake of efficiency. In our model, we propose an approach to deal with the negotiation and the delegation of obligations based on the concept of contexts.