An authorization framework for sharing data in web service federations

Authors:
Martin Wimmer;Alfons Kemper
Affiliations:
Technische Universität München, Garching bei München, Germany;Technische Universität München, Garching bei München, Germany
Venue:
SDM'05 Proceedings of the Second VDLB international conference on Secure Data Management
Year:
2005

Citing 9
Cited 2

Leases: an efficient fault-tolerant mechanism for distributed file cache consistency

SOSP '89 Proceedings of the twelfth ACM symposium on Operating systems principles
Flexible support for multiple access control policies

ACM Transactions on Database Systems (TODS)
Proposed NIST standard for role-based access control

ACM Transactions on Information and System Security (TISSEC)
Evaluation of Strong Consistency Web Caching Techniques

World Wide Web
Design of a Role-Based Trust-Management Framework

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
dRBAC: Distributed Role-based Access Control for Dynamic Coalition Environments

ICDCS '02 Proceedings of the 22 nd International Conference on Distributed Computing Systems (ICDCS'02)
A Community Authorization Service for Group Collaboration

POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Certificate-based authorization policy in a PKI environment

ACM Transactions on Information and System Security (TISSEC)
ServiceGlobe: distributing E-services across the internet

VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases

The secondary and approximate authorization model and its application to Bell-LaPadula policies

Proceedings of the eleventh ACM symposium on Access control models and technologies
Risk-based security decisions under uncertainty

Proceedings of the second ACM conference on Data and Application Security and Privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper we present our authorization framework that supports the dynamic set-up of Web service federations for sharing data within virtual federations. Building on previous work, where we showed how the access control of Web services can be consolidated with the access control of the underlying database systems, we focus on the delegation of trust across administrative boundaries, thus enabling inter-organizational collaboration. In order to restrict the flow of (possibly sensitive) access control information, authorization proceeds as an interplay of local and distributed policy enforcement. Scalability and performance of distributed policy enforcement are provided through caching techniques, which have to ensure strong cache consistency.