Abstract
When delegation is implemented using the attribute certificates of a Privilege Management Infrastructure (PMI), it is possible to reach a considerable level of distributed functionality. However, the approach is not flexible enough for the requirements of ubiquitous environments. The PMI can become too complex a solution for devices such as smartphones and PDAs, where resources are limited. In this work we present an approach to overcome these limitations by defining a second class of attributes, called domain attributes, which are managed directly by users and are not directly under the scope of the PMI, thus providing a lightweight solution for constrained devices. We nevertheless relate the two classes of attributes by defining a simple ontology. While domain attribute credentials are defined using SAML notation, global attributes are defined using X.509 certificates. For this reason, we additionally introduce XSAML so that both kinds of credentials are integrated. We also introduce the concept of Attribute Federation, which is responsible for supporting domain attributes and the corresponding ontology.
Agudo, I., Lopez, J. & Montenegro, J.A. Enabling Attribute Delegation in Ubiquitous Environments. Mobile Netw Appl 13, 398–410 (2008). https://doi.org/10.1007/s11036-008-0062-4