OpenID 2.0: a platform for user-centric identity management
Proceedings of the second ACM workshop on Digital identity management
Attribute-based encryption for fine-grained access control of encrypted data
Proceedings of the 13th ACM conference on Computer and communications security
Decentralized access control in distributed file systems
ACM Computing Surveys (CSUR)
Privacy-Aware Role-Based Access Control
IEEE Security and Privacy
A card requirements language enabling privacy-preserving access control
Proceedings of the 15th ACM symposium on Access control models and technologies
Achieving secure, scalable, and fine-grained data access control in cloud computing
INFOCOM'10 Proceedings of the 29th conference on Information communications
Enabling Privacy-preserving Credential-based Access Control with XACML and SAML
CIT '10 Proceedings of the 2010 10th IEEE International Conference on Computer and Information Technology
Towards a secure rendezvous network for future publish/subscribe architectures
FIS'10 Proceedings of the Third future internet conference on Future internet
Naming in content-oriented architectures
Proceedings of the ACM SIGCOMM workshop on Information-centric networking
SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
Hi-index | 0.00 |
Information is the building block of Information Centric Networks (ICNs). Access control policies limit information dissemination to authorized entities only. Defining access control policies in an ICN is a non-trivial task as an information item may exist in multiple copies dispersed in various network locations, including caches and content replication servers. In this paper we propose an access control enforcement delegation scheme which enables the purveyor of an information item to evaluate a request against an access control policy, without having access to the requestor credentials nor to the actual definition of the policy. Such an approach has multiple merits: it enables the interoperability of various stakeholders, it protects user identity and it can set the basis for a privacy preserving mechanism. An implementation of our scheme supports its feasibility.