A calculus for access control in distributed systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
Role-Based Access Control Models
Computer
Role delegation in role-based access control
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
A rule-based framework for role based delegation
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
ACM SIGAda Ada Letters
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Delegation in Distributed Systems: Challenges and Open Issues
DEXA '03 Proceedings of the 14th International Workshop on Database and Expert Systems Applications
Role-Based Access Control System for Web Services
CIT '04 Proceedings of the The Fourth International Conference on Computer and Information Technology
ICWS '05 Proceedings of the IEEE International Conference on Web Services
Commitment issues in delegation process
AISC '08 Proceedings of the sixth Australasian conference on Information security - Volume 81
Modeling and Enforcing Advanced Access Control Policies in Healthcare Systems with Sectet
Models in Software Engineering
Privilege federation between different user profiles for service federation
Proceedings of the 4th ACM workshop on Digital identity management
Towards the development of privacy-aware systems
Information and Software Technology
A Secure Delegation Model Based on Multi-agent in Pervasive Environments
KES-AMSTA '09 Proceedings of the Third KES International Symposium on Agent and Multi-Agent Systems: Technologies and Applications
User-centric identity governance across domain boundaries
Proceedings of the 5th ACM workshop on Digital identity management
Federation proxy for cross domain identity federation
Proceedings of the 5th ACM workshop on Digital identity management
Capability-based delegation model in RBAC
Proceedings of the 15th ACM symposium on Access control models and technologies
IBM Journal of Research and Development
WISTP'10 Proceedings of the 4th IFIP WG 11.2 international conference on Information Security Theory and Practices: security and Privacy of Pervasive Systems and Smart Devices
Towards a Trust Management Enabled Identity Metasystem
International Journal of Organizational and Collective Intelligence
| Hi-index | 0.00 |
Identity federation is a powerful scheme that links accounts of users maintained distinctly by different business partners. The concept of network identity is a driver for accelerating automation of Web Services on the Internet for users on their behalf while protecting privacy of their personally identifiable information. Although users of Web Services essentially delegate some or all privileges to an entity to perform actions, current identity based systems do not take into sufficient consideration delegation between entities hosting Web Services from a viewpoint of identity and privacy. This paper introduces a delegation model for federated identity management systems and proposes a delegation framework to provide solutions for access control in the context of delegation. The framework has a function of transferring user's privileges across the entities encoded in delegation assertion extending SAML (Security Assertion Markup Language). The framework enables users to manage their own privileges, and service providers to control access of entities based on delegated privileges by the users with assistance of a delegation authority that authorizes delegation of a delegating entity and an authentication authority that authenticates a user and manages user's name identifiers.