On the Negotiation of Access Control Policies
Revised Papers from the 9th International Workshop on Security Protocols
Administering access control in dynamic coalitions
LISA '05 Proceedings of the 19th conference on Large Installation System Administration Conference - Volume 19
Partial and Fuzzy Constraint Satisfaction to Support Coalition Formation
Electronic Notes in Theoretical Computer Science (ENTCS)
Group-Centric Secure Information-Sharing Models for Isolated Groups
ACM Transactions on Information and System Security (TISSEC)
A novel authorization mechanism for service-oriented virtual organization
ISCIS'05 Proceedings of the 20th international conference on Computer and Information Sciences
VO-sec: an access control framework for dynamic virtual organization
ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
TrustBus'07 Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business
| Hi-index | 0.00 |
We argue that joint administration of access policies for a dynamic coalition formed by autonomous domains requires that these domains set up a coalition authority that distributes attribute certificates authorizing access to policy objects (e.g., ACLs). Control over the issuance of such certificates is retained by member domains separately holding shares of the joint coalition authority's private key with which they sign the attribute certificates. Hence, any (proper) subset of the member domains need not be trusted to protect the private key. However, application servers that implement joint administration of access policies based on attribute certificates must trust all the signers of those certificates, namely all member domains of the coalition. To capture these trust relations we extend existing access control logics and show that the extensions are sound. To reason about joint administration of access policies, we illustrate an authorization protocol in our logic for accessing policy objects using thresholdattribute certificates.