Separation of access control logic from other components of applications facilitates uniform enforcement of policies across applications in enterprise systems. This approach is popular in attribute-based access control (ABAC) systems and is embodied in the XACML standard. For this approach to be practical in an enterprise system, the access control decision engine must be scalable, able to quic...

Originator Control is an access control policy that requires recipients to gain originator’s approval for redissemination of disseminated digital object. Originator control policies are one of the generic and key concerns of usage control. Usage control is an emerging concept which encompasses traditional access control and digital rights management solutions. However, current commercial Digita...

The π-calculus has been developed to reason about behavioural equivalence. Different notions of equivalence are defined in terms of process interactions, as well as the context of processes. There are various extensions of the π-calculus, such as the SPI calculus, which has primitives to facilitate security protocol design. Another area of computer security is access control research, which inc...

Web service-oriented architecture (WSOA) is a promising paradigm for future software development. Necessary identity management (IdM) architectures for WSOA are just being prepared to enable fine-grained access control. With the loose coupling of Web services with crosscutting identity services the question arises how to develop access control policies for Web services. In this paper we present...

With Software-as-a-Service (SaaS), a centrally hosted webbased application is o ered to a large number of customer organizations called tenants, each using multiple applications. The tenant and provider each work in their own authoritative and administrative domain, leading to a federated architecture and raising the bar for security and access control. Access control with SaaS applications is ...