Policy languages for digital identity management in federation systems

Seventh IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'06) Pub Date : 2006-06-05 DOI:10.1109/POLICY.2006.22

E. Bertino, Abhilasha Bhargav-Spantzel, A. Squicciarini

{"title":"Policy languages for digital identity management in federation systems","authors":"E. Bertino, Abhilasha Bhargav-Spantzel, A. Squicciarini","doi":"10.1109/POLICY.2006.22","DOIUrl":null,"url":null,"abstract":"The goal of service provider federations is to support a controlled method by which distributed organizations can provide services to qualified individuals and manage their identity attributes at an inter-organizational level. In order to make access control decisions the history of activities should be accounted for, therefore it is necessary to record information on interactions among the federation entities. To achieve these goals we propose a comprehensive assertion language able to support description of static and dynamic properties of the federation system. The assertions are a powerful means to describe the behavior of the entities interacting in the federation, and to define policies controlling access to services and privacy policies. We also propose a log-based approach for capturing the history of activities within the federation implemented as a set of tables stored at databases at the various organizations in the federation. We illustrate how, by using different types of queries on such tables, security properties of the federation can be verified","PeriodicalId":169233,"journal":{"name":"Seventh IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'06)","volume":"40 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-06-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Seventh IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'06)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/POLICY.2006.22","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

Abstract

The goal of service provider federations is to support a controlled method by which distributed organizations can provide services to qualified individuals and manage their identity attributes at an inter-organizational level. In order to make access control decisions the history of activities should be accounted for, therefore it is necessary to record information on interactions among the federation entities. To achieve these goals we propose a comprehensive assertion language able to support description of static and dynamic properties of the federation system. The assertions are a powerful means to describe the behavior of the entities interacting in the federation, and to define policies controlling access to services and privacy policies. We also propose a log-based approach for capturing the history of activities within the federation implemented as a set of tables stored at databases at the various organizations in the federation. We illustrate how, by using different types of queries on such tables, security properties of the federation can be verified

查看原文本刊更多论文

联邦系统中数字身份管理的策略语言

服务提供者联合的目标是支持一种受控方法，通过这种方法，分布式组织可以向合格的个人提供服务，并在组织间级别管理其身份属性。为了做出访问控制决策，应该考虑活动的历史记录，因此有必要记录有关联邦实体之间交互的信息。为了实现这些目标，我们提出了一种全面的断言语言，能够支持联邦系统的静态和动态属性的描述。断言是描述在联合中交互的实体的行为，以及定义控制对服务和隐私策略访问的策略的强大手段。我们还提出了一种基于日志的方法，用于捕获联邦内的活动历史，实现为存储在联邦中各个组织的数据库中的一组表。我们将说明如何通过对这些表使用不同类型的查询来验证联合的安全属性

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Seventh IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'06)

自引率

0.00%

发文量