Thomas Diniz, Andre Castro de Felippe, Tainá Medeiros, Carlos Eduardo da Silva, Roberto Araújo
2015 XXXIII Brazilian Symposium on Computer Networks and Distributed Systems, published 2015-05-18. DOI: 10.1109/SBRC.2015.32 (https://doi.org/10.1109/SBRC.2015.32)
Managing Access to Service Providers in Federated Identity Environments: A Case Study in a Cloud Storage Service
Currently, the diversity of services adhering to Identity Federation has raised new challenges in the area. Increasingly, service providers need to control access to their resources by users from the federation because, even though a user is authenticated by the federation, their access to resources cannot be taken for granted. Each Service Provider (SP) of a federation implements its own access control mechanism. Moreover, SPs might need to allow different access control granularity. For instance, all users from a particular Identity Provider (IdP) may access the resources due to some financial agreement. On the other hand, it might be the case that only specific users, or groups of users, have access to the resources. This paper proposes a solution to this problem through a hierarchical authorization system. Our approach, which can be customized to different SPs, allows the SP administrator to manage which IdPs, or users, have access to the provided resources. In order to demonstrate the feasibility of our approach, we present a case study in the context of a cloud storage solution.