Advertisement

MIERA: Method for Inter-Enterprise Role-Based Authorization

  • Heiko Ludwig
  • Luke O’Connor
  • Simon Kramer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1875)

Abstract

This paper addresses the problem of inter-enterprise transaction authorization, as required when an employee of one organization commissions work to another organization. On receiving an order from another organization, a company wants to be sure that the sender is actually entitled to do so within his or her organization. The MIERA scheme can be used for both intra- and inter-enterprise authorization and bases the decisions on roles. We define an authorization tree for a transaction type that determines which combination of roles can authorize such transactions. This tree allows the order-receiving organization to verify whether the order-sending employee was properly authorized.

Keywords

Department Head Authorization Structure Authorization Attribute Transaction Type Authorization Decision 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Lampson, B. W.: Protection. In: Proc. 5th Princeton Symposium of Information Sciences and Systems, Princeton University (1971) 437–443; reprinted in ACM Operating Systems Rev. 8(1) (1974) 18–24Google Scholar
  2. 2.
    Denning, D. E.: Cryptography and Data Security. Addison-Wesley, Reading, MA (1982)zbMATHGoogle Scholar
  3. 3.
    Dennis, J. B., VanHorn, E. C.: Programming Semantics for Multiprogrammed Computations. Commun. ACM 9(3) (March 1966) 143–155Google Scholar
  4. 4.
    Graham, G. S., Denning, P. J.: Protection-Principles and Practice. In: AFIPS Spring Joint Computer Conference, Vol. 40 (1972) 417–429Google Scholar
  5. 5.
    Thomas, R., Sandhu, S.: Task-based Authorization: A Paradigm for Flexible and Adaptable Access Control in Distributed Applications. In: Proc. 16th NIST-NCSC National Computer Security Conference, Baltimore, MD (1993) 409–415Google Scholar
  6. 6.
    Woo, T. Y. C., Lam, S. S.: Authorization in Distributed Systems: A New Approach. J. Computer Security 2(2,3) (1993) 107–136Google Scholar
  7. 7.
    Thomas, R. K., Sandhu, R. S.: Task-based Authorization Controls (TBAC): A Family of Models for Active and Enterprise Oriented Authorization Management. In:T.Y. Lin, S. Qian (Eds.) Database Security XI: Status and Prospects, IFIP TC11 WG11.3 11th Int’l Conf. on Database Security (Chapman & Hall, 1998) 166–181Google Scholar
  8. 8.
    Neuman, B. C., Ts’o, T.: Kerberos: An Authentication Service for Computer Networks. IEEE Commun. 32(9) (1994) 33–38CrossRefGoogle Scholar
  9. 9.
    Trostle, J. T., Neuman, B. C.: A Flexible Distributed Authorization Protocol. In: Proc. Symposium on Network and Distributed Systems Security (1996): http://bilbo.isu.edu/sndss/sndss96.html
  10. 10.
    Kaiser, P., Parker, T., Pinkas, D.: SESAME: The Solution to Security for Open Distributed Systems. Computer Commun. 17(7) (1994) 501–518CrossRefGoogle Scholar
  11. 11.
    McMahon, P. V.: SESAME V2 Public Key and Authorization Extensions to Kerberos. In: Proc. Symposium on Network and Distributed System Security (NDSS). IEEE Computer Society Press, Los Alamitos, CA (1995) 114–131CrossRefGoogle Scholar
  12. 12.
    Blaze, M., Feigenbaum, J., Keromytis, A. D., Ioannidis, J.: The KeyNote Trust-Management System. Internet draft, draft-ietf-trustmgt-keynote-00.txt, Trust Management Working Group, August 1998Google Scholar
  13. 13.
    Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized Trust Management. In: Proc. IEEE Symposium on Privacy and Security. IEEE Computer Society Press, Los Alamitos, CA (1996) 164–173Google Scholar
  14. 14.
    Ching, N., Jones, V., Winslett, M.: Authorization in the Digital Library: Secure Access to Services across Enterprise Boundaries. In: Proc. Advances in Digitial Libraries’ 96. IEEE Computer Society Press, Los Alamitos, CA (1996) 110–119CrossRefGoogle Scholar
  15. 15.
    Woo, T. Y. C., Lam, S. S.: Designing a Distributed Authorization Service. In: Proc. IEEE INFOCOM’ 98, San Francisco (April 1998)Google Scholar
  16. 16.
    Menezes, A., van Oorschot, P., Vanstone, S.: Handbook of Applied Cryptography. CRC Press, Boca Raton, FL (1996)Google Scholar
  17. 17.
    Farrell, S.: An Internet AttributeCertificate Profile for Authorization, August 20, 1998: http://www.ietf.org/internet-drafts/draft-ietf-tls-ac509prof-00.txt
  18. 18.
    ISO/IEC 9594, Information Technology-Open Systems Interconnection-The Directory: Authentication Framework, 1993. Also published as ITU-T X.509 (1997 E) Recommendation, June 1997Google Scholar
  19. 19.
    Merkle, R. C.: A Certified Digital Signature. In: Brassard, G. (Ed). Advances in Cryptology, CRYPTO 89, Lecture Notes in Computer Science, Vol. 218. Springer, Berlin Heidelberg (1989) 218–238Google Scholar
  20. 20.
    Ludwig, H., O’Connor, L., Kramer, S.: MIERA: A Method for Inter-Enterprise Role-Based Authorization. IBM Research Report, RZ 3208, Zurich, February 2000Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Heiko Ludwig
    • 1
  • Luke O’Connor
    • 1
  • Simon Kramer
    • 2
  1. 1.Zurich Research LaboratoryIBM ResearchRüchlikonSwitzerland
  2. 2.École PolitechniqueFédérale de LausanneLausanneSwitzerland

Personalised recommendations