The expansion of inter-organizational scenarios based on different authorization schemes calls for integration solutions that allow different authorization domains to share protected resources. This paper analyzes different emerging technologies. On the one hand, there are two XML-based standards: SAML, which is being widely accepted as a language to express and exchange authorization data, and XACML, which constitutes a promising framework for access control policies. On the other hand, PERMIS is a trust management system for X.509 attribute certificates that includes a powerful authorization decision engine governed by the PERMIS XML policy. This paper presents a sample scenario in which domains using these technologies can be integrated, allowing, for example, the use of attribute certificates in a SAML environment and the use of the PERMIS authorization engine to decide on the disclosure or concealment of attributes. To design this scenario we have based our work on a Credential Conversion Service (CCS), which converts attribute certificates (ACs) into SAML attributes, and a User Attribute Manager (UAM), which controls the disclosure of credentials. These modules are governed by policies defining the conversion process (the Conversion Policy) and the disclosure of attributes (the Disclosure Policy).