Approximating SAML Using Similarity Based Imprecision

  • Guillermo Navarro
  • Simon N. Foley
Conference paper
Part of the IFIP — The International Federation for Information Processing book series (IFIPAICT, volume 190)


With the increasing complexity of networked systems has come the trade-off of security versus functionality; a strictly secured system is often an unusable system. As a consequence, users often entirely bypass security in order to get their job done. We consider how similarity techniques that are used by case-based reasoning systems can be used to provide a degree of control over how strictly/precisely security is enforced. The flexibility to be able to meaningfully control how strictly security is enforced is especially relevant in the emerging Web Services architectures, where a wide variety of different users and heterogeneous systems use a common framework to interoperate with a wide variety of different resources and services. The paper proposes similarity-based imprecision security (SBIS) for the Security Assertion Markup Language (SAML) as an approach to managing security in a web-services environment.


Imprecise security; SAML; Case-Based Reasoning; access control



Copyright information

© International Federation for Information Processing 2005

Authors and Affiliations

  • Guillermo Navarro (1)
  • Simon N. Foley (2)
  1. Dept. of Information and Communications Engineering, Universitat Autonoma de Barcelona, Bellaterra, Spain
  2. Dept. of Computer Science, University College, Cork, Ireland
