A federated architecture for information management
ACM Transactions on Information Systems (TOIS)
Federated database systems for managing distributed, heterogeneous, and autonomous databases
ACM Computing Surveys (CSUR) - Special issue on heterogeneous databases
Access control in federated systems
NSPW '96 Proceedings of the 1996 workshop on New security paradigms
An access control framework for multi-user collaborative environments
GROUP '99 Proceedings of the international ACM SIGGROUP conference on Supporting group work
Distributed access-rights management with delegation certificates
Secure Internet programming
Role-based access control on the web
ACM Transactions on Information and System Security (TISSEC)
Authorization in Enterprise-Wide Distributed System: A Practical Design and Application
ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
Framework for role-based delegation models
ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Delegation in Distributed Systems: Challenges and Open Issues
DEXA '03 Proceedings of the 14th International Workshop on Database and Expert Systems Applications
Access Control Systems: Security, Identity Management and Trust Models
Access Control Systems: Security, Identity Management and Trust Models
Fine-grained role-based delegation in presence of the hybrid role hierarchy
Proceedings of the eleventh ACM symposium on Access control models and technologies
Delegation in role-based access control
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
| Hi-index | 0.00 |
In a federated system, it is not uncommon for a user profile registered to a particular system to contain enough attributes to request services from that system. Other attributes may be missing from that profile when services are requested from another system. The problem is that currently, when a change in user attributes happens, it is very difficult for the federation to incorporate the changes in order to resolve the conflict of attributes and maintain the consistency of attributes of users between different systems. Currently ready-for-deploy systems such as Liberty Alliance, Microsoft Windows CardSpace (formerly InfoCard) and Shibboleth do not address this issue efficiently. In general, consistency issues of user attributes in federated system via a 2-dimentional view: consistency between member systems (horizontal consistency) and consistency between federation and local system (vertical consistency). In this paper, we discuss the issue of horizontal consistency to achieve better interoperability and fine-granularity for access control decisions in a federated system by analysing the two approaches to achieve the consistency of user attributes: attribute synchronisation and delegation.