Usable Access Control in Collaborative Environments: Authorization Based on People-Tagging
We study attribute-based access control for resource sharing in collaborative work environments. The goal of our work is to encourage sharing within an organization by striking a balance between usability and security. Inspired by the great success of a number of collaboration-based Web 2.0 systems, such as Wikipedia and Del.icio.us, we propose a novel attribute-based access control framework that acquires information on users’ attributes from the collaborative efforts of all users in a system, instead of from a small number of trusted agents. Intuitively, if several users say that someone has a certain attribute, our system believes that the latter indeed has the attribute. In order to allow users to specify and maintain the attributes of each other, we employ the mechanism of people-tagging, where users can tag each other with the terms they want, and tags from different users are combined and viewable by all users in the system. In this article, we describe the system framework of our solution, propose a language to specify access control policies, and design an example-based policy specification method that is friendly to ordinary users. We have implemented a prototype of our solution based on a real-world and large-scale people-tagging system in IBM. Experiments have been performed on the data collected by the system.
KeywordsAccess Control Trust Management Relevant Score Access Control Policy Importance Score
Unable to display preview. Download preview PDF.
- 1.Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A.D.: The KeyNote trust-management system, version 2. IETF RFC 2704 (September 1999)Google Scholar
- 3.Farrell, S., Lau, T.: Fringe contacts: People-tagging for the enterprise. In: WWW 2006: Collaborative Web Tagging Workshop, Edinburgh, Scotland (2006)Google Scholar
- 5.Jason Program Office. Horizontal Integration: Broader Access Models for Realizing Information Dominance. The MITRE Corporation (December 2004)Google Scholar
- 6.Li, N., Mitchell, J.C., Winsborough, W.H.: Design of a role-based trust management framework. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy, pp. 114–130. IEEE Computer Society Press, Los Alamitos (2002)Google Scholar
- 8.Najafian Razavi, M., Iverson, L.: Supporting selective information sharing with people-tagging. In: ACM Conference on Human Factors in Computing Systems (CHI) (Work-in-Progress), pp. 3423–3428. ACM Press, New York (2008)Google Scholar
- 9.Wang, Q., Jin, H.: Selective message distribution with people-tagging in user-collaborative environments. In: ACM Conference on Human Factors in Computing Systems (CHI) (Work-in-Progress), pp. 3423–3428. ACM Press, New York (2009)Google Scholar
- 10.Wang, Q., Jin, H., Nusser, S.: Automatic categorization of tags in collaborative environments. In: Proceedings of the International Conference on Collaborative Computing (CllaborateCom), ICST (2008)Google Scholar
- 12.Xu, Z., Fu, Y., Mao, J., Su, D.: Towards the semantic web: Collaborative tag suggestions. In: WWW 2006: Collaborative Web Tagging Workshop, Edinburgh, Scotland (2006)Google Scholar