Assuring security and privacy for digital library transactions on the Web: client and server security policies

Authors:
Marianne Winslett;Neil Ching;Vicki Jones;Igor Slepchin
Affiliations:
-;-;-;-
Venue:
IEEE ADL '97 Proceedings of the IEEE international forum on Research and technology advances in digital libraries
Year:
1997

Citing 0
Cited 12

Regulating service access and information release on the Web

Proceedings of the 7th ACM conference on Computer and communications security
A uniform framework for regulating service access and information release on the web

Journal of Computer Security
Access Control: Policies, Models, and Mechanisms

FOSAD '00 Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures
Trust-Based Security Model and Enforcement Mechanism for Web Service Technology

TES '02 Proceedings of the Third International Workshop on Technologies for E-Services
Authorization in trust management: Features and foundations

ACM Computing Surveys (CSUR)
A privacy-aware access control system

Journal of Computer Security - 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec'06)
An XACML-based privacy-centered access control system

Proceedings of the first ACM workshop on Information security governance
Exploiting cryptography for privacy-enhanced access control: A result of the PRIME Project

Journal of Computer Security - EU-Funded ICT Research on Trust and Security
Implementation of an agent-oriented trust management infrastructure based on a hybrid PKI model

iTrust'03 Proceedings of the 1st international conference on Trust management
Requirements for identity management from the perspective of multilateral interactions

Digital privacy
Towards flexible credential negotiation protocols

Proceedings of the 11th international conference on Security Protocols
A framework for flexible access control in digital library systems

DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Often an information source on the Web would like to provide different classes of service to different clients. In the autonomous, highly distributed world of the Web, the traditional approach of using authentication to differentiate between classes of clients is no longer sufficient, as knowledge of a client's identity will often not suffice to determine whether a client is authorized to use a service. In [CJW96] we proposed the use of digital credentials to help solve this problem; but their use will in turn introduce a bevy of new problems associated with credential management. In this paper we propose the use of server security policies to aid in the management of a client's digital credentials. We propose a structure for such policies, and briefly describe an implementation of personal security assistants and server security assistants that embodies our proposed approach.