Establishing Enterprise Communities
EDOC '01 Proceedings of the 5th IEEE International Conference on Enterprise Distributed Object Computing
Regulating Work in Digital Enterprises: A Flexible Managerial Framework
On the Move to Meaningful Internet Systems, 2002 - DOA/CoopIS/ODBASE 2002 Confederated International Conferences DOA, CoopIS and ODBASE 2002
An Internet Authorization Scheme Using Smart-Card-Based Security Kernels
E-SMART '01 Proceedings of the International Conference on Research in Smart Cards: Smart Card Programming and Security
Scalable Regulation of Inter-enterprise Electronic Commerce
WELCOM '01 Proceedings of the Second International Workshop on Electronic Commerce
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
A Community Authorization Service for Group Collaboration
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
On the role of roles: from role-based to role-sensitive access control
Proceedings of the ninth ACM symposium on Access control models and technologies
On shouting "Fire!": regulating decoupled communication in distributed systems
Proceedings of the ACM/IFIP/USENIX 2003 International Conference on Middleware
Generalized access control of synchronous communication
Proceedings of the ACM/IFIP/USENIX 2006 International Conference on Middleware
Regularity-based trust in cyberspace
iTrust'03 Proceedings of the 1st international conference on Trust management
Generalized access control of synchronous communication
Middleware'06 Proceedings of the 7th ACM/IFIP/USENIX international conference on Middleware
Decentralized governance of distributed systems via interaction control
Logic Programs, Norms and Action
| Hi-index | 0.00 |
Abstract: The conventional approach to distributed access-control (AC) tends to be server-centric. Under this approach, each server establishes its own policy regarding the use of its resources and services by its clients. The choice of this policy, and its implementation, are generally considered the prerogative of each individual server. This approach to access-control may be appropriate for many current client-server applications, where the server is an autonomous agent, in complete charge of its resources. But it is not suitable for the growing class of applications where a group of servers, and sometimes their clients, belong to a single enterprise, and are subject to the enterprise-wide policy governing them all. One may not be able to entrust such an enterprise-wide policy to the individual servers, for two reasons: First, it is hard to ensure that an heterogeneous set of servers implement exactly the same policy. Second, as we will demonstrate, an AC policy can have aspects that cannot, in principle, be implemented by servers alone. As argued in a previous paper [11], what is needed in this situation is a concept of communal policy that governs the interaction between the members of a distributed community of agents involved in some common activity, along with a mechanism that provides for the explicit formulation of such policies, and for their scalable enforcement. This paper focuses on the communal treatment of expiration and revocation of the digital certificates used for the authentication of the identity and roles of members of the community.