Access control methodology for sharing of open and domain confined data using Standard Credentials
نویسنده
چکیده
Various credential based approaches have been proposed for realizing access control on shared data sources. These approaches use various types of credentials like identity certificates, attribute certificates, authorization certificates etc. Different credentials are found to be suitable in different conditions. The aim of this paper is to develop an access control methodology that not only enables immediate and open access to shared data by competent users but also provides fine grained access control on the domain confined data. The concept of standard credential is introduced which is a general purpose credential and can grant easy and fast access to variety of data sources across multiple domains. In this methodology, access control policy is defined using various types of credentials. Use of different types of credentials simplifies the specification of access control policy and provides more granular access control. KeywordsAccess Control; credential; digital certificates; open access; attribute certificate; identity certificate; authorization certificate
منابع مشابه
Extending XACML to support Credential Based Hybrid Access Control
Various research efforts are in progress to enforce credential based access control using XACML standard. The current standard of XACML supports attribute based access control [4,5,9,19]. While XACML accepts certified attributes through digital certificates, it does not support credential based access control in which the access conditions are defined not only in terms of credential attributes ...
متن کاملA Fine Grained Access Control Model Based on Diverse Attributes
As the web has become a place for sharing of information and resources across varied domains, there is a need for providing authorization services in addition to authentication services provided by public key infrastructure (PKI). In distributed systems the use of attribute certificates (AC) has been explored as a solution for implementation of authorization services and their use is gaining po...
متن کاملA Fine-Grained and X.509-Based Access Control System for Globus
The rapid advancement of technologies such as Grid computing, peer-to-peer networking, Web Services to name a few, offer for companies and organizations an open and decentralized environment for dynamic resource sharing and integration. Globus toolkit emerged as the main resource sharing tool used in the Grid community. Access control and access rights management become one of the main bottlene...
متن کاملTowards Novel And Efficient Security Architecture For Role- Based Access Control In Grid Computing
Recently, there arose a necessity to distribute computing applications frequently across grids. Ever more these applications depend on services like data transfer or data portal services and submission of jobs. Owing to the fact that the distribution of services and resources in wide-area networks are heterogeneous, dynamic, and multi-domain, security is of vital significance in grid computing....
متن کاملA Survey on Non-transferable Anonymous Credentials
There are at least two principal approaches to prevent users from sharing their anonymous credentials: adding valuable secrets into the system the user does not want to share or embedding biometric access control. This paper seeks to identify possible fields of application and to compare both approaches with respect to the credentials’ nontransferability. The paper shows that both approaches do...
متن کامل