In this paper, we propose a methodology for incremental security policy specification at varying levels of abstraction while maintaining strict equivalence with respect to authorization state. We specifically consider the recently proposed group-centric secure information sharing (g-SIS) domain. The current specification for g-SIS authorization policy is stateless in the sense that it solely fo...

This document defines support for the Authorization Identity Request Control and the Authorization Identity Response Control for requesting and returning the authorization established in a bind operation. The Authorization Identity Request Control may be submitted by a client in a bind request if authenticating with version 3 of the Lightweight Directory Access Protocol (LDAP) protocol [LDAPv3]...

Authorization is an open problem in Ambient Intelligence environments. The difficulty of implementing authorization policies lies in the open and dynamic nature of such environments. The information is distributed among various heterogeneous devices that collect, process, change, and share it. Previous work presented a fully distributed approach for reasoning with conflicts in ambient intellige...

Trust management is a promising approach for the authorization in distributed environment. There are two key issues for a trust management system: how to design high-level policy language and how to solve the compliance-checking problem [3, 4]. We adopt this approach to deal with distributed authorization with delegation. In this paper, we propose an authorization language AL, a human-understan...

Several models of authorization have been proposed for object-oriented databases supporting diierent levels of granularity. However, these models do not support authorization based on database contents and context. A way of handling context and content-dependent authorization is by using views. In this paper, we present a model of authorization, based on a view model proposed by Bertino 4], tha...

The authorization mechanisms in existing Grids are relatively static, so we present a dynamic authorization mechanism. Through the negotiation between users and resources, the Grid security management entities match the requests of the user and resource according to corresponding stipulations in security policies, form security contracts, and make authorization decisions. In order to reflect wh...

The Web service specifications managing authentication and authorization are still a work in progress. A large-scale application built today is in need of a solid authentication and authorization infrastructure. A role-based authentication, authorization and accounting (AAA) concept is able to provide the services needed, while it is possible to gain additional flexibility to handle the co-oper...

Authorization is still an open problem in Ambient Intelligence environments. The difficulty of implementing authorization policies lies in the open and dynamic nature of such environments. The information is distributed among various heterogeneous devices that collect, process, change and share it. Previous work presented a fully distributed approach for reasoning with conflicts in ambient ...

One crucial aspect of information technology for e-Society is security, where authorization is one of the three important factors, besides availability and integrity. During the past years Role-Based Access Control (RBAC) has been proven a sound method of modeling the authorization within an organization. Recently we introduced a novel distributed concept RBAC which is based on distributed gene...