Situational Identity: a Person-centered Identity Management Approach
|
|
- Arline Whitehead
- 8 years ago
- Views:
Transcription
1 Situational Identity: a Person-centered Identity Management Approach Tatyana Ryutov and Clifford Neuman Information Sciences Institute University of Southern California 4676 Admiralty Way, Suite 1001, Marina del Rey, CA Technical Report ISI-TR-630 Abstract Emerging personalized context-aware services require collection and analysis of user related information. User centered identity management becomes a key technology for controlling personal information. In our view, true user-centered identity management is more than just letting users (vs. institutions) manage their personal information. It is an individualistic approach that recognizes the unique needs of an individual; dependent upon personal preferences, psychological traits and situational factors. In this paper we consider a user-centered identity negotiation approach built upon the social concept of situational identity which varies across time and place according to the needs and expectations of the individual. Selective disclosure allows a user to maintain different personas for different interaction environments (to emphasize this, we name our approach person-centered rather than more conventional user-centered). Situational identity incorporates purposeful construction of an identity with strategic outcome in mind. Preferable outcome can be expressed in terms of desired privacy, monetary benefits, safety or other factors. This is consistent with how people interact in the physical world. The approach accounts for the influence of social theory and contextual information that characterizes particular situation. 1. Introduction Our life in a digital world has changed dramatically: today activities such as shopping, discussion, entertainment, business and scientific collaboration are conducted in the cyber world. These changes greatly influence our understanding of digital identity and access management paradigms. This paper takes a new look at identity management, and proposes a solution built upon the social concept of situational identity which varies across time and place according to the needs and expectations of the individual. Traditionally, identity management has been viewed from a service provider s point of view, for maintenance of account information to control access to resources owned by an organization. The risk resided on the side of the resource provider and, therefore, access control policies took into account only interests of the resource owners. Computer mediated interactions evolved from single organization to an open world. Maintaining identifiers and accounts for all potential users is not practical. Authenticating the identity (in traditional sense) of a stranger may not provide sufficient information for access control purposes. The decision to grant access is often based on the characteristics of the requestor rather than its identity [2] [3].
2 Current interactions involve mutual exchange of resources that each party controls and values. For example, users provide credit card numbers in exchange for goods or services. Often people cannot access a service without submitting profile information. For example, in order to access a corporate white paper, one has to supply , affiliation and other information that may be used by the corporation to send advertisements or could be sold to other companies. Early computer mediated interactions have tended to be one-way and very impersonal. Now service providers are increasingly urged to offer personalized services, which recognize the unique needs of individual consumers. In order to provide specific personalized value-added services the collection and analysis of user related information is essential. These trends require users to disclose a rich set of information including dynamic properties (e.g., user s current location, environment) and sensitive personal information which can be bought and sold. A number of user centered identity management approaches [5][8][9][12] are emerging to allow increased control over personal data. However, these solutions do not address complex perceptions that people have about interactions: whether to participate in the interaction, what information to release to which entity under certain circumstances, and the effects of disclosure. Current systems are based on simple and rigid models, which lack a methodology for dealing with an individual in the digital world. We believe that true user-centered identity management approach should not only give users control over their personal information (e.g., medical, financial and employment records), but also recognize the unique needs of an individual. The richness of electronic communications mirrors physical world experience. Resources may be accessed in a variety of contexts: social, business, government, health care, etc. To provide an intuitive way for users to deal with the complexity and richness of the computer mediated interactions, we propose an approach that explicitly models a largely unconscious way people interact in social environments. In physical world, any individual holds multiple identities and chooses to engage the identity most appropriate for that particular context. With little consciousness, people quickly evaluate the context of a given situation and determine which segment of their identity to convey. We attempt to model this process, by proposing a tool which implements (with certain limitations) a concept of situational identity. Partial identities [10] and facets [4][11] have been proposed to let people switch identities between different contexts. These approaches are mostly concerned with user privacy. The novelty of this work lies in providing additional flexibility for users to decide which identity to present based on personal preferences and strategic outcome in mind. Preferable outcome can be expressed in terms of desired privacy, monetary benefits, positive self presentation, safety or other factors. For example, based on a personality, a user may choose to act as a thrifty shopper, a privacy concerned shopper or a merchant reliability concerned shopper. To make this approach practical, the access management policies must be defined in a way to support user choice. This approach is close in spirit to the secure networked architecture based on interlocking rings (SNAIR) under development at ISI. In this system, the level of trust placed in architectural components and the type of a virtual system employed vary according to situational context and perspective of a node running part of a virtual system.
3 2. What is digital identity? Digital identity is a complex notion that is not fully understood and is still a subject of research. Clearly, the concept of identity is far broader than just a name that uniquely identifies a person or an account/password combination. To answer the question of digital identity, we need to look at it from the perspectives of resource provider and requester. In order to engage in a transaction, resource provider and requester have to go through an identity negotiation stage. During this stage both resource provider and requestor try to agree on each other identity they are willing to accept. For the purpose of this paper we are only interested in negotiation of the user identity. In open environments, a resource provider is more concerned with identity that allows it to judge trustworthiness of the party making a request relative to a resource, rather than with differentiating one identified individual from another. For a resource provider, identity is information about the requestor that predicts behavior of the requestor with respect to requested resources. In particular, when there is evidence that the user behaves as expected, the trust in such user is high. A resource provider needs information that assures it of likelihood of appropriate user behavior. For example, to provide access to an expensive on-line scientific instrument, the owner may consider user information, such as membership at a research lab and certification of completed training with a high score (a form of reputation) to guarantee safe instrument operation (expected behavior) by the user. From a user perspective, the decision to present a particular identity is based on situational context of the interaction, the communication partner and personal considerations. To support person-centered identity negotiation, a resource provider needs to accept more than one type of identity. A user needs to understand his options and select the best identity for the context. This choice will influence nature and extent of user participation, which in turn affects the risks and exposure of communicating parties. We believe that the social concept of situational identity provides an intuitive way to support user decisions during the identity negotiation process. 2.1 Situational Identity Situational identity arises when an individual constructs and presents any one of a number of possible social identities, depending on the situation: a religion, an ethnicity or lifestyle - as the context deems a particular choice desirable or appropriate [19]. The notion of situational identity is a dynamic one, in contrast to that of fixed identity. In real world, people easily switch between different situational identities. For example, a person who is half Italian half French may want to identify with a particular ethnicity in some social situation (e.g., attending a soccer game). This choice may even be crucial for his personal security. Situational identity already exists in current systems but is not regarded as such. For example, in role based access control (RBAC) [15] systems, users may take on different roles based on a specific task. For example, a user may take a Programmer role most of the time and switch to an Administrator role only when he needs to run protected privileged commands, such as accessing passwords, installing software, etc. The user s choice to act with reduced privileges most of the time is dictated by the wish to keep system operation safe, trading user convenience for system safety.
4 In the physical world, a person is able to judge a situation and decide what the desirable outcome is and what he wants to disclose. However, relatively little is known about how people make decisions when to disclose personal information, and how much information to reveal in any given situation. Possible aspects include positive self presentation, privacy, costs and benefits of disclosure, and trust. A positive self-presentation is necessary for a person to deal effectively with the world. When developing a presentation to create a desired impression, people assess what is appropriate and expected in the situation, and select the presentation depending on one s personality [4]. Concerns about online privacy stem from the technology's ability to monitor and archive almost every aspect of users' behavior. Often a person desires privacy out of fear that information may be used against him. People usually prefer to know more about others while hiding their own shortcomings. This is consistent with the desire to maintain a positive self concept. People have a level of privacy that varies across individuals based on person s own perceptions and values. The multitude and variety of services that are becoming available to users (as well as different user personalities) lead us to believe that privacy is not the only concern. For example, if one has a choice whether to pay for a hotel with a credit card and get a discount (money back) or cash, the choice would depend on whether it is preferable to preserve anonymity or pay less. Perceived trust assertions identified for the target service influence the way a user interacts with the service. Trust is subjective: it is a personal opinion which depends on a situation and user personality. For example, one online customer may participate in a transaction without taking into account reliability of merchants, payment/delivery services, legal mechanisms that compensate losses, etc. Another user in the same situation may evaluate purchases quite differently, being reluctant to disclose identity and payment details to some service providers. 2.2 Acquisition of Situational Context Situational context refers to the aspects of the interaction and environment that suggest appropriate and expected behavior, risks, goals and value of interactions. When assessing contextual information, people rely on previous experiences and categorization to develop mental models of these situations and learn to associate particular fragments of their identity with specific situational contexts [4]. People compare the current environment to their mental model and make assumptions. A typical person cannot describe his mental models and in many situations people are not even aware that these mental models exist. A mental model may not necessarily reflect a situation accurately. Still, it provides the necessary framework for people to quickly determine how to best present themselves. A number of possible online situations can be very large; categorization helps to reduce it to a smaller number of relevant contexts. For example, situations such as buying a book and buying a CD could be considered instances of buying a product situation where a user expects to be presented with several payment options and be asked for a shipping address. In this context, the user may opt for monetary benefits when buying from trusted merchants and for greater privacy when dealing with unknown sellers. 3. Overview of a Situational Identity Management Tool
5 Increasing the number of identifiers and credentials that a user must manage can make a system unmanageable. Automation and system support is needed to manage situational identities in the digital world. By having the tools to control which aspects of identity to present in a particular situation, people can more appropriately organize and control their presentation to meet their needs, including the desire for privacy, perceived social acceptability, safety, and monetary benefits. In this section we provide a non technical overview of a tool for managing situational identities. We believe that rational choice theory [7] approach from social science is a promising way to build such a tool. In rational choice theory, individuals are seen as motivated by the goals that express their personal preferences. The theory is based on an idea that human actions are fundamentally rational in character and that people calculate the likely costs and benefits of any action before deciding what to do. Rational choice theory postulates that individuals must anticipate the outcomes of alternative courses of action and calculate the best alternative. Consider a personal tamper resistant hardware device which acts as a user agent for two main purposes: 1. The device securely stores identifiers and credentials from different service providers. These attributes include the identities held by a person ranging from significant that uniquely identify a person (e.g., birth certificate, social security number, passport, and drivers' license), to less significant: memberships in different organizations, affiliations, gender, etc. For each stored attribute, the tool maintains metadata that describes attribute sensitivity and other information. 2. When a user needs to access a particular service, the tool learns the security requirements of the target service and constructs relevant situational identity based on the context of interaction, outcome preferred by the user and the metadata associated with the stored attributes. To calculate a situational identity for a particular interaction, the tool acts as a rational decision maker according to the assumptions of rational choice theory: 1. The agent is goal oriented: it tries to maximize the benefit, therefore it always chooses the most preferred option; 2. The agent has sets of hierarchically ordered preferences, or utilities. This assumes a choice between alternatives and the possibility of rank ordering of these alternatives. 3. In choosing lines of behavior, agent makes rational calculations with respect to: o determining and evaluating the consequence of each alternative; o determining the utility of each consequence with reference to the preference hierarchy; o discovering the best way to maximize the utility. Formally, an agent needs to calculate the situational identity in an interaction with a party I who has security requirements S given the context of an interaction x k (x k is a subset of X that is a set of all possible contexts). The agent faces solution choices a i (subsets of user attributes that satisfy the requirements S) from the set of alternatives A = {a 1, a 2,, a n }. The task of the agent is to single out one element of A. The scheme of the choice procedure employed by the rational agent is as follows: First, the tool calculates a set of all possible consequences C j = {c 1, c 2,, c m } of presenting the subset of user attributes a i to the communicating party on each alternative a i, described by a consequence function Cons(a i ) C j. C j is a subset of C that is a set of all possible consequences.
6 To evaluate trust in the communicating party I given context x k, the agent employs function Trust_Eval(I, x k ) t m. The agent defines a preference relation Util over C (probably represented by a numerical function) in a given context x k according to desired outcome p n - a subset of P that is a set of all possible outcomes, Util (p n, x k, t m, C j ) n l, n l in N, N is a set of positive numbers. The agent then chooses, from the set A, the alternative a i that yields the best consequence - that is, the agent solves the optimization problem max ai in A Util(p n, x k, t m, Cons(a i )). In other words, the preference relation on A is induced from the composition of the consequence function and the preference relation on C. Utility is influenced by user personality. To illustrate our approach, consider an example: a user wants to access an online conference room and needs to interact with an online smart lock via the situational identity tool. First, the tool needs to learn security requirements S. Assume that the lock s access control policy states: a person can enter the online room if he is in the database of invited people (requires revealing user identity), or he is an employee of Company A and pays $5, or if he is anonymous and pays $15. There is obviously a choice of attributes that satisfy the requirements. Let us say the user wants to stay anonymous (the privacy is the most desirable outcome). In this case the tool tries to construct the situational identity by revealing the least number of the least sensitive credentials, for example a person who pays $15 which is presented to the lock. However, if user wants to balance privacy and payment, than the choice is to identify the person as employee of Company A. Note that capabilities fit well within the framework a capability defines an anonymous person who has access to the service. Generally, capabilities will be assigned the lowest sensitivity level. If anonymity is desired, than the system will retrieve a capability first. In other cases other credentials might make more sense for the user. For example, consider the case when the user is not concerned with privacy and the service offers the first time users (that need to disclose some information) a gift or a promotional discount. We now consider the tool operation in more details. Let X be a set of possible contexts maintained by the tool: X = {shopping, work, leisure} Assume than a trust evaluation function returns three values: Trust_Eval(I, x k ) = {low, medium, high} Let P be a set of user desired outcomes in all possible contexts: P = {privacy, monetary_benefit, {privacy, monetary_benefit}} Let C be a set of all possible consequences: C = {reveal_identity, reveal_affiliation, cash_$x, no_payment } Let A be a set of alternatives constructed by the tool based on the security requirements S: A = {Name, {Emploee_of_A, payment_$5}, payment_$15} The agent selects context work as the most appropriate and calculates the trust level for the interaction party: Trust_Eval(Lock, work) = high Next, the tool calculates consequences of each alternative: Cons(Name) c 1 = (reveal_identity, no_payment) Cons({Emploee_of_A, payment_$5}) c 2 = (reveal_affiliation, cash_$5) Cons(payment_$15) c 3 = (anonymous, cash_$15)
7 Assume that utility function is 0 Util(p n, x k, t m, Cons(a i ) 10 The agent now has to calculate utility for each of the possible outcomes. Not all of these calculations have to be done in real time. For example, the following calculations could be precomputed and stored along with the credentials: Util(privacy, work, high, reveal_identity ) 2 Util(privacy, work, medium, reveal_identity ) 1 Util(privacy, work, low, reveal_identity ) 0 Util(privacy, work, high, reveal_afffiliation ) 3 Util(privacy, work, medium, reveal_afffiliation ) 2 Util(privacy, work, low, reveal_afffiliation ) 1 Util(privacy, work, high, anonymous) 8 Util(privacy, work, medium, anonymous) 9 Util(privacy, work, low, anonymous) 10 Util(monetary_benefit, work, high, no_payment) 9 Util(monetary_benefit, work, medium, no_payment) 8 Util(monetary_benefit, work, low, no_payment) 7 6 Util(monetary_benefit, work, high/medium/low, cash_$x) > Util(monetary_benefit, work, high/medium/low, cash_$y) for all x,y: x < y Util({privacy,monetary_benefit}, work, high/medium/low, reveal_identity) 2 Util({privacy,monetary_benefit}, work, high/medium/low, cash_x) 7 Util({privacy,monetary_benefit}, work, high/medium/low, no_payment) 4 The agent calculates the utility of each alternative with respect to privacy, if user desired outcome is privacy and chooses to present alternative payment_$15: Util(privacy, work, high, c 1 ) 2 Util(privacy, work, high, c 2 ) 3 Util(privacy, work, high, c 3 ) 8 If the desired outcome is to pay less, the agent chooses to present Name: Util(monetary_benefit, work, high, c 1 ) 9 8 Util(monetary_benefit, work, high, c 2 ) > Util(monetary_benefit, work, high, c 3 ) If the user wants to balance money and privacy, the choice would be to present {Emploee_of_A, payment_$5. After the situational identity is constructed, the system needs to authenticate it to the service. 4. Discussion and Future Work In this section we briefly outline some research challenges that should be addressed to support automated situational identity management paradigm. As discussed in the previous chapter, the agent needs to find out an outcome preferable for a user for each interaction type. The tool can store a catalog that links different service types, situational contexts and user goals. However, it is burdensome for users to setup all polices in advance. A valuable situational identity management tool must reduce user effort. We want the system to be as unobtrusive, as possible. Therefore, the tool should be able to learn based on how the individual interacts in various situational contexts. The system should make guesses, allow a user to alter the assumptions, and remember user decisions which could be applied automatically in the future.
8 In our example, situational identity represents a collection of user attributes. This representation could be extended to include additional conditions. These conditions could be context related (e.g., require evaluation of some system predicates); usage related (e.g., restrictions about the secondary usage of the identity information once released to a communicating party); or define a set of obligations which require the party to take additional steps [6]. This provides additional flexibility but makes the system more complex. In particular, this approach may require the parties to participate in a negotiation process to agree upon the set of conditions associated with the identity information. In our future work we will consider specification of the exact structure of security requirements R, situational contexts X, possible consequences C, and user preferable outcomes P. The security requirements must support the situational identity idea; in other words a user should have a choice of alternatives. The type of access granted to a user should depend on the asserted identity which affects the trust that the service places with the user. If no appropriate credentials are found (generated situational identity a i is empty), either the user should relax the restrictions or the service needs to reconsider the requirements (may require negotiation). Other research directions will include developing an approach to represent metadata about user attributes in order to support the rational decision maker approach and modeling procedural aspects of the decision making process. We need to understand how to construct the set of possible consequences C, and how to define the utility function Util() which embodies individual preferences for outcomes of a transaction. Another issue is the uncertainties in situations when the tool can not determine and evaluate the consequence of each alternative due to, for example, insufficient information. In our example, the agent is fully aware of the set of alternatives from which it has to choose. It neither invents nor discovers new courses of actions (the chosen a i cannot be outside the set A). This is a rather restricted approach. Not all the choices could be revealed by the service at once, some could be available as a result of the identity negotiation process. Depending on preferred outcome P, the user can envision different negotiation strategies: bargaining for revealing less sensitive information vs. bargaining for a better deal in terms of money or service guarantees. Trust assertions identified for the target service influence the calculated situational identity, therefore a trust metric is essential for our model. Trust could be calculated based on the third party recommendations and prior interaction experience with the party: positive outcomes of interactions preserve or amplify trust, while trust erodes with negative experiences. When a user has no pre-existing knowledge about the service, initial trust could be established by monitoring the service behavior during the identity negotiation process and adjusting trust values based on the perceived behavior [14]. An example of suspicious behavior is asking for user medical record while negotiating an identity to buy a book. The requested information is clearly out of context and will raise user suspicion. 5. Conclusions Given the security requirements associated with the target service, the user defined desired outcome, and the context of the interaction (includes trust assertion that the user has about the service), the system we propose yields the appropriate subset of user credentials which constitutes situational identity needed to satisfy the requirements. When calculating the situational identity, the system acts as a rational decision maker.
9 The novelty of this work lies in providing additional flexibility for users to automatically decide which identity to present based on personal preferences and strategic outcomes. Preferable outcome can be expressed in terms of desired privacy, monetary benefits, safety or other factors. We anticipate that the proposed system will be particularly valuable in ubiquitous environments where users interact with a number of services (often simultaneously) in a variety of contexts; in such environments an automated personalized identity management tool is indispensable. 6. Related Work A number of emerging identity management solutions are based on the concept of identity federation which provides a mechanism to exchange sensitive user information between service providers located in different security domains. Shibboleth [9] aims to develop new middleware technologies based on the concept of federation of user attributes to facilitate inter organizational collaboration. WS-Federation [1] is an approach to manage the trust relationships in heterogeneous federated environments. It provides support for federated identities, sharing of attributes, and management of pseudonyms. The goal of the Higgins [8] project is to develop a framework that will enable users and enterprises to integrate identity, profile, and relationship information across heterogeneous systems. Liberty Alliance project aims to create a single sign-on system based on a federation of trusted parties. In this system, if an online service S1 trusts another online service S2 to properly authenticate a user, online service S1 can authenticate a user on behalf of online service S2 by passing a SAML [16] token that asserts the user s identity to service S2. Microsoft attempted to create a universal login service -.net passport that allowed users to sign-in at many web sites using just one account. However, users have demonstrated resistance to the notion of a single universally usable digital identity. The selective disclosure inherent in managing independent identities allows users to maintain different personas for different interaction environments. Microsoft s InfoCard [5] [12] digital identity management system supports a number of digital identities represented by a visual Information Cards in the client user interface. The user selects identities represented by InfoCards to authenticate to participating services. Our work is complementary to this approach in automating decisions about what card to present in current context. Attribute-based Access Control (ABAC) [17] [20] and automated Trust Negotiation (TN) are new approaches to access control and authentication in open environments [2][3][13][21] [21]. Unlike traditional identity-based access control, authorization decisions in ABAC are based on requesters attributes which may be sensitive. TN supports ABAC by providing bilateral credential exchange that consists of iteratively disclosing digital credentials. These credentials verify properties of their holders to establish mutual trust. Current ABAC and TN technologies are not sufficiently flexible. Most existing approaches treat credentials as sensitive objects and have security policies to statically control their disclosures, without considering the context of the transaction. These technologies would be greatly enhanced if a user is able to tailor the interaction and exchange of information between the user and the environment based on context, e.g., nature of the interaction, user preferences, user/device location, device properties, etc. We propose a model constructed with flexibility, social nuance,
10 and contextualization as critical design factors. This approach will lead to the development of next-generation ABAC and TN systems. References [1] S. Bajaj, G. Della-Libera, B. Dixon, M. Dusche, M. Hondo, M. Hur, C. Kaler, H. Lockhart, H. Maruyama, A. Nadalin, N. Nagaratnam, A. Nash, H. Prafullchandra, and J. Shewchuk, Web Services Federation Language (WS-Federation). Version 1.0. [2] Bertino, B., Ferrari, E., and Squicciarini, A.C. Trust-X: A Peer-to-Peer Framework for Trust Establishment. In IEEE Transactions on Knowledge and Data Engineering, July [3] Bonatti, P. and Samarati, P. A Unified Framework for Regulating Access and Information Release on the Web. In Journal of Computer Security, 10, 3, (2002), [4] Danah Boyd, Faceted Identity: Managing Representation in a Digital World. Cambridge, MA: MIT Master's Thesis. August 9, [5] Kim Cameron and Michael B. Jones, Design Rationale behind the Identity Metasystem Architecture, [6] E. Damiani, S. De Capitani di Vimercati, P. Samarati, New Paradigms for Access Control in Open Environments, in Proc. of the 5th IEEE International Symposium on Signal Processing and Information, Athens, Greece, December 18-21, [7] A. Heath, Rational Choice and Social Exchange. Cambridge [8] Higgins Trust Framework Project, [9] Internet2. Shibboleth. [10] M. Kohntopp and A. Pfitzmann. Anonymity, unobservability, and pseudonymity - a proposal for terminology. Draft, June [11] Scott Lederer, Everyday Privacy in Ubiquitous Computing Environments, Ubicomp Workshop on Socially-informed Design of Privacy-enhancing Solutions in Ubiquitous Computing, [12] Microsoft. Microsoft s Vision for an Identity Metasystem. Microsoft Whitepaper, [13] W. Nejdl, D. Olmedilla, and M. Winslett, Peertrust: Automated trust negotiation for peers on the semantic web, in Proceedings of the Workshop on Secure Data Management in a Connected World (SDM 04), August/September [14] Tatyana Ryutov, Clifford Neuman, Li Zhou, Noria Foukia. Initial Trust Formation in Virtual Organizations, The International Journal of Internet Technology and Secured Transactions, [15] R. Sandhu, E. Coyne, H. Feinstein, and C. Youman, Role-Based Access Control Models, IEEE Computer, 29(2):38 47, February [16] Security Assertion Markup Language (SAML) OASIS. [17] Skogsrud, H., Benatallah, B., and Casati, F. Model-driven trust negotiation for Web services. IEEE Internet Computing, 7, 6 (Nov./Dec. 2003). [18] S. De Capitani di Vimercati, P. Samarati, and S. Jajodia Policies, Models, and Languages for Access Control [19] Cohen, R. and Kennedy, P. 2000, Global Sociology, MacMillan, London, p [20] L. Wang, D. Wijesekera, and S. Jajodia, A logic-based framework for attribute based access control, in proceedings of the 2004 ACM Workshop on Formal Methods in Security Engineering, Washington DC, USA, October [21] Winsborough, W. and Li, N. Towards Practical Automated rust Negotiation. In Third International Workshop on Policies for Distributed Systems and Networks (POLICY2002), Monterey, CA, June [22] Winslett, M., Yu, T., Seamons, K. E., Hess, A., Jacobson, J., Jarvis, R., Smith, B., and Yu, L. Negotiating Trust on the Web. IEEE Internet Computing, 6, 6 (Nov./Dec. 2002). [23] Identity Management. Liberty Alliance Project,
On the Application of Trust and Reputation Management and User-centric Techniques for Identity Management Systems
On the Application of Trust and Reputation Management and User-centric Techniques for Identity Management Systems Ginés Dólera Tormo Security Group NEC Laboratories Europe Email: gines.dolera@neclab.eu
More informationFederated Identity Architectures
Federated Identity Architectures Uciel Fragoso-Rodriguez Instituto Tecnológico Autónomo de México, México {uciel@itam.mx} Maryline Laurent-Maknavicius CNRS Samovar UMR 5157, GET Institut National des Télécommunications,
More informationAdaptive Trust Negotiation and Access Control
Adaptive Trust Negotiation and Access Control Tatyana Ryutov, Li Zhou, and Clifford Neuman Information Sciences Institute University of Southern California {tryutov, zhou, bcn}@isi.edu Travis Leithead,
More informationHow To Manage Your Information On A Network With A User Account On A Computer Or Cell Phone (For A Free)
On the Application of Trust and Reputation Management and User-centric Techniques for Identity Management Systems Ginés Dólera Tormo Security Group NEC Laboratories Europe Email: gines.dolera@neclab.eu
More informationEvaluation of different Open Source Identity management Systems
Evaluation of different Open Source Identity management Systems Ghasan Bhatti, Syed Yasir Imtiaz Linkoping s universitetet, Sweden [ghabh683, syeim642]@student.liu.se 1. Abstract Identity management systems
More informationExtending XACML for Open Web-based Scenarios
Extending XACML for Open Web-based Scenarios Claudio A. Ardagna 1, Sabrina De Capitani di Vimercati 1, Stefano Paraboschi 2, Eros Pedrini 1, Pierangela Samarati 1, Mario Verdicchio 2 1 DTI - Università
More informationA Semantic Approach for Access Control in Web Services
A Semantic Approach for Access Control in Web Services M. I. Yagüe, J. Mª Troya Computer Science Department, University of Málaga, Málaga, Spain {yague, troya}@lcc.uma.es Abstract One of the most important
More informationPrivacy and Identity Management for Europe
Privacy and Identity Management for Europe Pierangela Samarati Università degli Studi di Milano Milan, Italy samarati@dti.unimi.it Page 1 Vision and Objectives Users disclose vast amounts of personal information
More informationIdentity Management. Critical Systems Laboratory
Identity Management Critical Systems What is Identity Management? Identity: a set of attributes and values, which might or might not be unique Storing and manipulating identities Binding virtual identities
More informationRole Based Access Control Framework for Network Enterprises
Role Based Access Control Framework for Network Enterprises Dan Thomsen, Dick O Brien, and Jessica Bogle Secure Computing Corporation 2675 Long Lake Road Roseville, MN 55113 thomsen@securecomputing.com
More informationAccess Control Management in a Distributed Environment Supporting Dynamic Collaboration
Access Control Management in a Distributed Environment Supporting Dynamic Collaboration Basit Shafiq School of Electrical and Computer Engineering, Purdue University West Lafayette, IN, USA shafiq@ecn.purdue.edu
More informationIdentity Management for Web-based Services
Identity Management for Web-based Services Marco Cremonini, Ernesto Damiani, Sabrina De Capitani di Vimercate, Pierangela Samarati Università degli Studi di Milano Dipartimento di Tecnologie dell'informazione
More informationA System for Interactive Authorization for Business Processes for Web Services
A System for Interactive Authorization for Business Processes for Web Services Hristo Koshutanski and Fabio Massacci Dip. di Informatica e Telecomunicazioni - Univ. di Trento via Sommarive 14-38050 Povo
More informationFederated authorization for SaaS applications
Federated authorization for SaaS applications Maarten Decat, Bert Lagaisse, Wouter Joosen IBBT-DistriNet, KU Leuven, 3001 Leuven, Belgium Abstract. With Software-as-a-Service (SaaS), a centrally hosted
More informationSecurity challenges for internet technologies on mobile devices
Security challenges for internet technologies on mobile devices - Geir Olsen [geiro@microsoft.com], Senior Program Manager for Security Windows Mobile, Microsoft Corp. - Anil Dhawan [anild@microsoft.com],
More informationAn Introduction to Trust Negotiation
An Introduction to Trust Negotiation Marianne Winslett Department of Computer Science, University of Illinois, Urbana IL 61801, USA, winslett@uiuc.edu, http://dais.cs.uiuc.edu/winslett.html Abstract. The
More informationSecure Semantic Web Service Using SAML
Secure Semantic Web Service Using SAML JOO-YOUNG LEE and KI-YOUNG MOON Information Security Department Electronics and Telecommunications Research Institute 161 Gajeong-dong, Yuseong-gu, Daejeon KOREA
More informationA Privacy Preserving Enhanced Trust Building Mechanism for Web Services
A Privacy Preserving Enhanced Trust Building Mechanism for Web s Zhengping Wu, Alfred C. Weaver Department of Computer Science, University of Virginia 151 Engineer's Way, P.O. Box 400740, Charlottesville,
More informationAuthoring Within a Content Management System. The Content Management Story
Authoring Within a Content Management System The Content Management Story Learning Goals Understand the roots of content management Define the concept of content Describe what a content management system
More informationAn Object Oriented Role-based Access Control Model for Secure Domain Environments
International Journal of Network Security, Vol.4, No.1, PP.10 16, Jan. 2007 10 An Object Oriented -based Access Control Model for Secure Domain Environments Cungang Yang Department of Electrical and Computer
More informationSWIFT: Advanced identity management
SWIFT: Advanced identity management Elena Torroglosa, Alejandro Pérez, Gabriel López, Antonio F. Gómez-Skarmeta and Oscar Cánovas Department of Information and Communications Engineering University of
More informationCloud-based Identity and Access Control for Diagnostic Imaging Systems
Cloud-based Identity and Access Control for Diagnostic Imaging Systems Weina Ma and Kamran Sartipi Department of Electrical, Computer and Software Engineering University of Ontario Institute of Technology
More informationInternet Single Sign-On Systems
Internet Single Sign-On Systems Radovan SEMANČÍK nlight, s.r.o. Súľovská 34, 812 05 Bratislava, Slovak Republic semancik@nlight.sk Abstract. This document describes the requirements and general principles
More informationIdentity Federation in Federated Trust Healthcare Network
Identity Federation in Federated Trust Healthcare Network Abstract Today s internet is composed of numerous heterogeneous network systems. Each system has its own authentication, authorization and identity
More informationThe Top 5 Federated Single Sign-On Scenarios
The Top 5 Federated Single Sign-On Scenarios Table of Contents Executive Summary... 1 The Solution: Standards-Based Federation... 2 Service Provider Initiated SSO...3 Identity Provider Initiated SSO...3
More informationThe Identity Metasystem: A User-Centric, Inclusive Web Authentication Solution
The Identity Metasystem: A User-Centric, Inclusive Web Authentication Solution Position paper for the W3C Workshop on Transparency and Usability of Web Authentication New York City, March 2006 Michael
More informationRole Based Access Control (RBAC) Nicola Zannone
Role Based Access Control (RBAC) Nicola Zannone 1 DAC and MAC Discretionary Access Control (DAC) Access control determined by the owner of an object Oner can delegate access rights to other users Access
More informationTrait-based Authorization Mechanisms for SIP Based on SAML
Trait-based Authorization Mechanisms for SIP Based on SAML Douglas C. Sicker, University of Colorado Boulder Hannes Tschofenig, Siemens Jon Peterson, Neustar Abstract - This paper presents a method for
More informationAppendix B Data Quality Dimensions
Appendix B Data Quality Dimensions Purpose Dimensions of data quality are fundamental to understanding how to improve data. This appendix summarizes, in chronological order of publication, three foundational
More informationIdentity Management: Key Technologies
Identity Management: Key Technologies Michael Huth imperial.ac.uk/quads Page 1 Key Concepts Subjects: agents that can request access to resources, e.g. you or Microsoft Word Subjects get access by claiming
More informationA Taxonomy of Single Sign-On Systems
A Taxonomy of Single Sign-On Systems Andreas Pashalidis and Chris J. Mitchell Royal Holloway, University of London, Egham, Surrey, TW20 0EX, United Kingdom {A.Pashalidis, C.Mitchell}@rhul.ac.uk http://www.isg.rhul.ac.uk
More informationRECOMMENDED CHARTER FOR THE IDENTITY ECOSYSTEM STEERING GROUP
RECOMMENDED CHARTER FOR THE IDENTITY ECOSYSTEM STEERING GROUP 1. Identity Ecosystem Steering Group Charter The National Strategy for Trusted Identities in Cyberspace (NSTIC or Strategy), signed by President
More informationA TRUST BASED DELEGATION SYSTEM FOR MANAGING ACCESS CONTROL. Rainer Steffen, Rudi Knorr*
A TRUST BASED DELEGATION SYSTEM FOR MANAGING ACCESS CONTROL Rainer Steffen, Rudi Knorr* Abstract Trust is considered to be a powerful approach for managing access control in pervasive computing scenarios.
More informationAdministration of Access Control in Information Systems Using URBAC Model
JOURNAL OF APPLIED COMPUTER SCIENCE Vol. 19 No. 2 (2011), pp. 89-109 Administration of Access Control in Information Systems Using URBAC Model Aneta Poniszewska-Marańda Institute of Information Technology
More informationShibboleth : An Open Source, Federated Single Sign-On System David E. Martin martinde@northwestern.edu
Shibboleth : An Open Source, Federated Single Sign-On System David E. Martin martinde@northwestern.edu International Center for Advanced Internet Research Outline Security Mechanisms Access Control Schemes
More informationSecure Document Circulation Using Web Services Technologies
Secure Document Circulation Using Web Services Technologies Shane Bracher Bond University, Gold Coast QLD 4229, Australia Siemens AG (Corporate Technology), Otto-Hahn-Ring 6, 81739 Munich, Germany sbracher@student.bond.edu.au
More information... Chair of Mobile Business & Multilateral Security. Privacy vs. Data: Business Models in the digital, mobile Economy
Privacy vs. Data: Business Models in the digital, mobile Economy Lecture 11 (Mobile) Identity Management SS 2015 Dr. Andreas Albers Chair of Mobile Business & Multilateral Security The Identity Concept
More informationCruise Travel Virtual Communities: Digital Identity Management and Member Satisfaction
Cruise Travel Virtual Communities: Digital Identity Management and Member Satisfaction Svetlana Stepchenkova a, Juline E. Mills a a Department of Hospitality and Tourism Management Purdue University, U.S.
More informationHow to Exploit Ontologies in Trust Negotiation
How to Exploit Ontologies in Trust Negotiation Travis Leithead 1, Wolfgang Nejdl 2, Daniel Olmedilla 2, Kent E. Seamons 1, Marianne Winslett 3, Ting Yu 4, and Charles C. Zhang 3 1 Department of Computer
More informationTrust areas: a security paradigm for the Future Internet
Trust areas: a security paradigm for the Future Internet Carsten Rudolph Fraunhofer Institute for Secure Information Technology SIT Rheinstrasse 75, Darmstadt, Germany Carsten.Rudolph@sit.fraunhofer.de
More informationFederated Identity Management for Protecting Users from ID Theft
Federated Identity Management for Protecting Users from ID Theft Paul Madsen NTT Advanced Technology 250 Cambridge Avenue, Suite 104, Palo Alto, CA 94306, USA paulmadsen@ntt-at.com Yuzo Koga NTT Information
More informationA Secure Mediator for Integrating Multiple Level Access Control Policies
A Secure Mediator for Integrating Multiple Level Access Control Policies Isabel F. Cruz Rigel Gjomemo Mirko Orsini ADVIS Lab Department of Computer Science University of Illinois at Chicago {ifc rgjomemo
More informationSingle Sign-On: Reviewing the Field
Single Sign-On: Reviewing the Field Michael Grundmann, Erhard Pointl Johannes Kepler University Linz Abstract. The Idea of having only one password for every service has led to the concept of single sign-on
More informationCHAPTER - 3 WEB APPLICATION AND SECURITY
CHAPTER - 3 WEB APPLICATION AND SECURITY 3.1 Introduction Web application or Wepapp is the general term that is normally used to refer to all distributed web-based applications. According to the more technical
More informationAccess Control of Cloud Service Based on UCON
Access Control of Cloud Service Based on UCON Chen Danwei, Huang Xiuli, and Ren Xunyi Nanjing University of posts & Telecommunications, New Model Street No.66, 210003, Nanjing, China chendw@njupt.edu.cn,
More informationGoal-Based Self-Contextualization
Goal-Based Self-Contextualization Raian Ali, Fabiano Dalpiaz Paolo Giorgini University of Trento - DISI, 38100, Povo, Trento, Italy {raian.ali, fabiano.dalpiaz, paolo.giorgini}@disi.unitn.it Abstract.
More informationIntroducing Federated Identities to One-Stop-Shop e-government Environments: The Greek Case
echallenges e-2009 Conference Proceedings Paul Cunningham and Miriam Cunningham (Eds) IIMC International Information Management Corporation, 2009 ISBN: 978-1-905824-13-7 Introducing Federated Identities
More informationLeveraging New Business Models with Identity Management An e-learning case study
Leveraging New Business Models with Identity Management An e-learning case study José M. del Álamo DIT, Universidad Politécnica de Madrid, Ciudad Universitaria s/n, 28040 Madrid, Spain jmdela@dit.upm.es,
More informationNetwork-based Access Control
Chapter 4 Network-based Access Control 4.1 Rationale and Motivation Over the past couple of years, a multitude of authentication and access control technologies have been designed and implemented. Although
More informationOpenHRE Security Architecture. (DRAFT v0.5)
OpenHRE Security Architecture (DRAFT v0.5) Table of Contents Introduction -----------------------------------------------------------------------------------------------------------------------2 Assumptions----------------------------------------------------------------------------------------------------------------------2
More informationHowWhat Does It All Mean to Be Successful?
The Emerald Research Register for this journal is available at wwwemeraldinsightcom/researchregister The current issue and full text archive of this journal is available at wwwemeraldinsightcom/1066-2243htm
More informationA Federated Authorization and Authentication Infrastructure for Unified Single Sign On
A Federated Authorization and Authentication Infrastructure for Unified Single Sign On Sascha Neinert Computing Centre University of Stuttgart Allmandring 30a 70550 Stuttgart sascha.neinert@rus.uni-stuttgart.de
More informationCLOUD-HOSTED PROXY BASED COLLABORATION IN MULTI- CLOUD COMPUTING ENVIRONMENTS WITH ABAC METHODS
CLOUD-HOSTED PROXY BASED COLLABORATION IN MULTI- CLOUD COMPUTING ENVIRONMENTS WITH ABAC METHODS Shilpa G S 1, Maria Navin J R 2 1 PG Student, Dept. of Computer Science and Engineering, SVCE Bangalore,
More informationThe right bond at the right price: Understanding bond pricing. Smart bond buying could save you thousands.
The right bond at the right price: Understanding bond pricing. Smart bond buying could save you thousands. Executive summary Compared with stock market investing, it s not always easy to know what is
More informationAttribute-Based Access Control Solutions: Federating Authoritative User Data to Support Relying Party Authorization Decisions and Requirements
Joint White Paper: Attribute-Based Access Control Solutions: Federating Authoritative User Data to Support Relying Party Authorization Decisions and Requirements Submitted Date: April 10, 2013 Submitted
More informationWhite Paper The Identity & Access Management (R)evolution
White Paper The Identity & Access Management (R)evolution Federation and Attribute Based Access Control Page 2 A New Perspective on Identity & Access Management Executive Summary Identity & Access Management
More informationInformation Security Research
Information Security Research at the Department of Information Systems (Lehrstuhl für Wirtschaftsinformatik I) University of Regensburg, Germany Prof. Dr. Günther Pernul guenther.pernul@wiwi.uni-r.de www-ifs.uni-r.de
More informationGlossary of Key Terms
and s Branch Glossary of Key Terms The terms and definitions listed in this glossary are used throughout the s Package to define key terms in the context of. Access Control Access The processes by which
More informationIDENTITY INFORMATION MANAGMENT ARCHITECTURE SUMMARY Architecture and Standards Branch Office of the CIO Province of BC People Collaboration Innovation
IDENTITY INFORMATION MANAGMENT ARCHITECTURE SUMMARY Architecture and Standards Branch Author: Creation Date: Last Updated: Version: I. Bailey May 28, 2008 March 23, 2009 0.7 Reviewed By Name Organization
More informationStrategic Role Engineering Approach to Visual Role Based Access Control (V-RBAC)
International Journal of Computer Applications in Engineering Sciences [VOL III, ISSUE II, JUNE 2013] [ISSN: 2231-4946] Strategic Role Engineering Approach to Visual Role Based Access Control (V-RBAC)
More informationInteractive Access Control for Autonomic Systems: From Theory to Implementation
Interactive Access Control for Autonomic Systems: From Theory to Implementation 9 HRISTO KOSHUTANSKI and FABIO MASSACCI University of Trento Autonomic communication and computing is a new paradigm for
More informationMIT Sloan School of Management
MIT Sloan School of Management Working Paper 4259-02 October 2002 Directions for Web and E-Commerce Applications Security Bhavani Thuraisingham, Chris Clifton, Amar Gupta, Elisa Bertino, Elena Ferrari
More informationHow Can Data Sources Specify Their Security Needs to a Data Warehouse?
How Can Data Sources Specify Their Security Needs to a Data Warehouse? Arnon Rosenthal The MITRE Corporation arnie@mitre.org Edward Sciore Boston College (and MITRE) sciore@bc.edu Abstract In current warehouse
More informationVolume 2, Issue 2, February 2014 International Journal of Advance Research in Computer Science and Management Studies
Volume 2, Issue 2, February 2014 International Journal of Advance Research in Computer Science and Management Studies Research Article / Paper / Case Study Available online at: www.ijarcsms.com ISSN: 2321-7782
More informationOIO SAML Profile for Identity Tokens
> OIO SAML Profile for Identity Tokens Version 1.0 IT- & Telestyrelsen October 2009 Content > Document History 3 Introduction 4 Related profiles 4 Profile Requirements 6 Requirements 6
More informationHow To Develop Software
Software Engineering Prof. N.L. Sarda Computer Science & Engineering Indian Institute of Technology, Bombay Lecture-4 Overview of Phases (Part - II) We studied the problem definition phase, with which
More informationMiracle Integrating Knowledge Management and Business Intelligence
ALLGEMEINE FORST UND JAGDZEITUNG (ISSN: 0002-5852) Available online www.sauerlander-verlag.com/ Miracle Integrating Knowledge Management and Business Intelligence Nursel van der Haas Technical University
More informationManisha R. Patil. Keywords Cloud service provider, Identity Provider, Enhanced Client Profile, Identity Management, Privacy, Trust Manager.
Volume 4, Issue 7, July 2014 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Privacy and Dynamic
More informationAlexander Nikov. 7. ecommerce Marketing Concepts. Consumers Online: The Internet Audience and Consumer Behavior. Outline
INFO 3435 E-Commerce Teaching Objectives 7. ecommerce Marketing Concepts Alexander Nikov Identify the key features of the Internet audience. Discuss the basic concepts of consumer behavior and purchasing
More informationA Case Study of the Systems Engineering Process in Healthcare Informatics Quality Improvement. Systems Engineering. Ali M. Hodroj
A Case Study of the Systems Engineering Process in Healthcare Informatics Quality Improvement By Ali M. Hodroj Project Report submitted to the Faculty of the Maseeh School of Engineering and Computer Science
More informationDistributed Identity Management Model for Digital Ecosystems
International Conference on Emerging Security Information, Systems and Technologies Distributed Identity Management Model for Digital Ecosystems Hristo Koshutanski Computer Science Department University
More informationFederation Proxy for Cross Domain Identity Federation
Proxy for Cross Domain Identity Makoto Hatakeyama NEC Corporation, Common Platform Software Res. Lab. 1753, Shimonumabe, Nakahara-Ku, Kawasaki, Kanagawa 211-8666, Japan +81-44-431-7663 m-hatake@ax.jp.nec.com
More informationSERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS Next Generation Networks Security
International Telecommunication Union ITU-T Y.2740 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (01/2011) SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS
More informationFederal Identity, Credential, and Access Management Trust Framework Solutions. Relying Party Guidance For Accepting Externally-Issued Credentials
Federal Identity, Credential, and Access Management Trust Framework Solutions Relying Party Guidance For Accepting Externally-Issued Credentials Version 1.1.0 Questions? Contact the FICAM TFS Program Manager
More informationIn fact, one of the biggest challenges that the evolution of the Internet is facing today, is related to the question of Identity Management [1].
1. Introduction Using the Internet has become part of the daily habits of a constantly growing number of people, and there are few human activities that can be performed without accessing the enormous
More informationThe Primer: Nuts and Bolts of Federated Identity Management
The Primer: Nuts and Bolts of Federated Identity Management Executive Overview For any IT department, it is imperative to understand how your organization can securely manage and control users identities.
More informationIDENTITY MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region
IDENTITY MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationWebLogic Server 7.0 Single Sign-On: An Overview
WebLogic Server 7.0 Single Sign-On: An Overview Today, a growing number of applications are being made available over the Web. These applications are typically comprised of different components, each of
More informationThe Primer: Nuts and Bolts of Federated Identity Management
The Primer: Nuts and Bolts of Federated Identity Management Overview For any IT department, it is imperative to understand how your organization can securely manage and control users identities. With so
More informationInformation Brokering over the Information Highway: An Internet-Based Database Navigation System
In Proc. of The Joint Pacific Asian Conference on Expert Systems, Singapore, 1997 Information Brokering over the Information Highway: An Internet-Based Database Navigation System Syed Sibte Raza ABIDI
More informationNationwide and Regional Health Information Networks and Federated Identity for Authentication and HIPAA Compliance
Nationwide and Regional Health Information Networks and Federated Identity for Authentication and HIPAA Compliance Christina Stephan, MD Co-Chair Liberty Alliance ehealth SIG National Library of Medicine
More informationThe CVS-Server Case Study: A Formalized Security Architecture
The CVS-Server Case Study: A Formalized Security Architecture Extended Abstract Achim D. Brucker, Frank Rittinger, and Burkhart Wolff {brucker,rittinge,wolff}@informatik.uni-freiburg.de 1 Introduction
More informationThe Respect Trust Framework
The Respect Trust Framework VERSION 2 2014-06- 23 Single Page Summary Purpose The purpose of the Respect Trust Framework is to define a set of principles and rules to which all Members of a digital trust
More informationMobile multifactor security
Mobile multifactor security A revolution in authentication and digital signing Mobile multifactor security A revolution in authentication and digital signing Smartphones will continue to ship in high volumes,
More information2. Preliminaries. 2.1. Moving from Context to Context Views. 2.2. Building Services using Context Views. 2.3. Where does security fit in?
Enabling Secure Ad-hoc Communication using Context-Aware Security Services Extended Abstract 1. Introduction Narendar Shankar University of Maryland narendar@cs.umd.edu It is a stated goal of the ubiquitous
More informationCustomer relationship management MB-104. By Mayank Kumar Pandey Assistant Professor at Noida Institute of Engineering and Technology
Customer relationship management MB-104 By Mayank Kumar Pandey Assistant Professor at Noida Institute of Engineering and Technology University Syllabus UNIT-1 Customer Relationship Management- Introduction
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationComparing Identity Management Frameworks in a Business Context
Comparing Identity Management Frameworks in a Business Context Jaap-Henk Hoepman, Rieks Joosten, and Johanneke Siljee jaap-henk.hoepman@tno.nl, rieks.joosten@tno.nl, johanneke.siljee@tno.nl TNO, the Netherlands
More informationContext-Aware Role Based Access Control Using User Relationship
International Journal of Computer Theory and Engineering, Vol. 5, No. 3, June 2013 Context-Aware Role Based Access Control Using User Relationship Kangsoo Jung and Seog Park We suggest relationship-based
More informationA Secure Decentralized Access Control Scheme for Data stored in Clouds
A Secure Decentralized Access Control Scheme for Data stored in Clouds Priyanka Palekar 1, Abhijeet Bharate 2, Nisar Anjum 3 1 SKNSITS, University of Pune 2 SKNSITS, University of Pune 3 SKNSITS, University
More informationUSING FEDERATED AUTHENTICATION WITH M-FILES
M-FILES CORPORATION USING FEDERATED AUTHENTICATION WITH M-FILES VERSION 1.0 Abstract This article provides an overview of federated identity management and an introduction on using federated authentication
More informationAnalysis of Cloud Solutions for Asset Management
ICT Innovations 2010 Web Proceedings ISSN 1857-7288 345 Analysis of Cloud Solutions for Asset Management Goran Kolevski, Marjan Gusev Institute of Informatics, Faculty of Natural Sciences and Mathematics,
More informationScholarship Programme
Department of Children and Youth Affairs Scholarship Programme Note No. 7 Research Briefing Consuming Talk: Youth Culture and the Mobile Phone 1. What is the study s background? This study was the subject
More informationDistributed Identification and Consumer Data Protection. Khaja Ahmed Microsoft Corporation
Distributed Identification and Consumer Data Protection Khaja Ahmed Microsoft Corporation Threats to Online Safety Consumer privacy has steadily declined as internet use grew over the years Greater use
More informationA New Undergraduate Major: Interactive Media and Game Development
A New Undergraduate Major: Interactive Media and Game Development David Finkel, Mark Claypool, Michael A. Gennert Department of Computer Science Fred Bianchi, Dean O Donnell, Patrick Quinn Department of
More informationA Model for Access Control Management in Distributed Networks
A Model for Access Control Management in Distributed Networks Master of Science Thesis Azadeh Bararsani Supervisor/Examiner: Dr. Johan Montelius Royal Institute of Technology (KTH), Stockholm, Sweden,
More informationPSG College of Technology, Coimbatore-641 004 Department of Computer & Information Sciences BSc (CT) G1 & G2 Sixth Semester PROJECT DETAILS.
PSG College of Technology, Coimbatore-641 004 Department of Computer & Information Sciences BSc (CT) G1 & G2 Sixth Semester PROJECT DETAILS Project Project Title Area of Abstract No Specialization 1. Software
More informationAttribute-Based Access Control. Stephen Schwab and Jay Jacobs. SPARTA ISSO Security Research Division (d.b.a. Cobham Analytic Solutions)
March 18, 2010 Attribute-Based Access Control Stephen Schwab and Jay Jacobs SPARTA ISSO Security Research Division (d.b.a. Cobham Analytic Solutions) Topics ABAC Usage and Features RT 0 Credentials Delegation
More informationEDS Innovation Research Programme DISCUSSION PAPER SERIES. No.005 Media, Connectivity, Literacies and Ethics
EDS Innovation Research Programme DISCUSSION PAPER SERIES No.005 Media, Connectivity, Literacies and Ethics Security Challenges of Networks: Cyber Trust and Cyber Crime Robin Mansell March 2006 EDS Innovation
More informationSchichtenübergreifendes Identitätsmanagement zwischen HIP und SAML
Schichtenübergreifendes Identitätsmanagement zwischen HIP und SAML Ein Architekturkonzept Supported by the SWIFT project www.ist-swift.org Marc Barisch, Alfredo Matos marc.barisch@ikr.uni-stuttgart.de,
More information