A Generalized Model for Internet-Based Access Control Systems with Delegation Support

  • Utharn Buranasaksee
  • Kriengkrai Porkaew
  • Umaporn Supasitthimethee
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 115)


In the web environment, web browsers use HTTP/HTTPS to communicate between users and web/application servers. However, many internet activities require interactions among three parties without compromising confidentiality. For example, an e-commerce transaction requires a buyer to authorize an e-commerce website to withdraw money from the buyer’s bank account at an internet banking website. Although several existing works have been proposed to solve this problem, they are done in ad-hoc manners or lack of some important properties. This paper proposes a model, called PRA (Provider-Requestor-Authorizer), for generalizing three-party communication in the web-environment in order to identify desirable properties that can be used to measure the goodness of protocols for and classify them. We found that PRA model can generalize three-party communication protocols to a single model from conceptual level to implementation level.


design implementation distributed access control distributed system classification delegation 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    OpenID Authentication 2.0, http://openid.net/specs/openid-authentication-2_0.html (accessed 30 June 2012)
  2. 2.
    Morgan, R.L., Cantor, S., Carmody, S., Hoehn, W., Klingenstein, K.: Federated Security: The Shibboleth Approach. In: EDUCAUSE Quarterly, vol. 27, pp. 12–17 (2004)Google Scholar
  3. 3.
    Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0., https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf (Accessed 30 August 2012)
  4. 4.
    González, J.F., Rodríguez, M.C., Nistal, M.L., Rifón, L.A.: Reverse OAuth: A solution to achieve delegated authorizations in single sign-on e-learning systems. Computers & Security 28, 843–856 (2009)CrossRefGoogle Scholar
  5. 5.
    OAuth Core 1.0a, http://oauth.net/core/1.0a/ (accessed 30 June 2012)
  6. 6.
    The OAuth 2.0 Authorization Framework, http://tools.ietf.org/html/draft-ietf-oauth-v2-30 (accessed 30, June 2012)
  7. 7.
    Schiffman, J., Xinwen, Z., Gibbs, S.: DAuth: Fine-Grained Authorization Delegation for Distributed Web Application Consumers. In: IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY), pp. 95–102 (2010)Google Scholar
  8. 8.
    Alam, M., Zhang, X., Khan, K., Ali, G.: xDAuth: a scalable and lightweight framework for cross domain access control and delegation. In: Proceedings of the 16th ACM Symposium on Access Control Models and Technologies, SACMAT 2011, pp. 31–40. ACM, New York (2011)Google Scholar
  9. 9.
    OAuth 2.0 Threat Model and Security Considerations, http://tools.ietf.org/html/draft-ietf-oauth-v2-threatmodel-07 (accessed 20 August 2012)
  10. 10.
    Crampton, J., Khambhammettu, H.: Delegation in Role-Based Access Control. In: Proceeding of the 11th European Symposium on Research in Computer Security, pp. 174–191 (2006)Google Scholar
  11. 11.
    Toninelli, A., Montanari, R., Kagal, L., Lassila, O.: A Semantic Context-Aware Access Control Framework for Secure Collaborations in Pervasive Computing Environments. In: Cruz, I., Decker, S., Allemang, D., Preist, C., Schwabe, D., Mika, P., Uschold, M., Aroyo, L.M. (eds.) ISWC 2006. LNCS, vol. 4273, pp. 473–486. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  12. 12.
    Google Docs, http://www.google.com/google-d-s/b1.html (accessed 30 August 2012)
  13. 13.
    Facebook, http://www.facebook.com (accessed 30 August 2012)
  14. 14.
    Microsoft account, https://account.live.com/ (accessed 30 August 2012)

Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2013

Authors and Affiliations

  • Utharn Buranasaksee
    • 1
  • Kriengkrai Porkaew
    • 1
  • Umaporn Supasitthimethee
    • 1
  1. 1.School of Information TechnologyKing Mongkut’s University of TechnologyBangkokChina

Personalised recommendations