Often an information source on the Web would like to provide different classes of service to different clients. In the autonomous, highly distributed world of the Web, the traditional approach of using authentication to differentiate between classes of clients is no longer sufficient, as knowledge of a client's identity will often not suffice to determine whether a client is authorized to use a service. In [CJW96] we proposed the use of digital credentials to help solve this problem; but their use will in turn introduce a bevy of new problems associated with credential management. In this paper we propose the use of server security policies to aid in the management of a client's digital credentials. We propose a structure for such policies, and briefly describe an implementation of personal security assistants and server security assistants that embodies our proposed approach.