Policy Languages for Digital Identity Management in Federation Systems

Get BibTex-formatted data

Author

Elisa Bertino, Abhilasha Bhargav-Spantzel, Anna C. Squicciarini

Entry type

proceedings

Abstract

The goal of service provider federations is to support a controlled method by which distributed organizations can provide services to qualified individuals and manage their identity attributes at an inter-organizational level. In order to make access control decisions the history of activities should be accounted for, therefore it is necessary to record information on interactions among the federation entities. To achieve these goals we propose a comprehensive assertion language able to support description of static and dynamic properties of the federation system. The assertions are a powerful means to describe the behavior of the entities interacting in the federation, and to define policies controlling access to services and privacy policies. We also propose a log-based approach for capturing the history of activities within the federationimplemented as a set of tables stored at databases at the various organizations in the federation. We illustrate how, by using different types of queries on such tables, security properties of the federation can be verified.

Date

2006

URL

http://csdl2.computer.org/pers ... OI=10.1109/POLICY.2006.22

Booktitle

Seventh IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'06)

Key alpha

Bertino

Pages

54-66

Affiliation

Purdue University

Publication Date

2006-00-00

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Proceedings{ Bertino,
	title = "Policy Languages for Digital Identity Management in Federation Systems",
	author = "Elisa Bertino, Abhilasha Bhargav-Spantzel, Anna C. Squicciarini",
	year = "2006",
	booktitle = "Seventh IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'06)",
	pages = "54-66",
	abstract = "The goal of service provider federations is to support a controlled method by which distributed organizations can provide services to qualified individuals and manage their identity attributes at an inter-organizational level. In order to make access control decisions the history of activities should be accounted for, therefore it is necessary to record information on interactions among the federation entities. To achieve these goals we propose a comprehensive assertion language able to support description of static and dynamic properties of the federation system. The assertions are a powerful means to describe the behavior of the entities interacting in the federation, and to define policies controlling access to services and privacy policies. We also propose a log-based approach for capturing the history of activities within the federationimplemented as a set of tables stored at databases at the various organizations in the federation. We illustrate how, by using different types of queries on such tables, security properties of the federation can be verified.",
	affiliation = "Purdue University",
	url = "http://csdl2.computer.org/persagen/DLAbsToc.jsp?resourcePath=/dl/proceedings/&toc=comp/proceedings/policy/2006/2598/00/2598toc.xml&DOI=10.1109/POLICY.2006.22",
}