
Design and Implementation of Distributed Access Control Infrastructures for Federations of Autonomous Domains

  • Conference paper
Trust, Privacy and Security in Digital Business (TrustBus 2007)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 4657)

Abstract

Federations of autonomous domains allow resource sharing in a highly dynamic manner, improving organizational response times and facilitating cooperation between different information systems. To accomplish this, it is essential to provide a scalable and flexible mechanism that allows security management and acts at application level independently of operating system or platform. In this paper we present a scalable solution that enables interoperation between different systems participating in a dynamic federation, while it also allows the participating systems to retain their autonomy; we present the software architecture of this distributed access control enforcement mechanism and describe our implementation choices.

Editor information

Costas Lambrinoudakis, Günther Pernul, A Min Tjoa

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Belsis, P., Gritzalis, S., Skourlas, C., Tsoukalas, V. (2007). Design and Implementation of Distributed Access Control Infrastructures for Federations of Autonomous Domains. In: Lambrinoudakis, C., Pernul, G., Tjoa, A.M. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2007. Lecture Notes in Computer Science, vol 4657. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74409-2_15

  • DOI: https://doi.org/10.1007/978-3-540-74409-2_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-74408-5

  • Online ISBN: 978-3-540-74409-2

  • eBook Packages: Computer Science (R0)
