DATA AND ACCESS MANAGEMENT USING ACCESS TOKENS FOR DELEGATING AUTHORITY TO PERSONS AND SOFTWARE

Hidehito Gomi

Abstract

Delegation of authority is the act by which one entity grants another entity its rights to use personal information. It has most often been implemented in enterprise environments, but previous studies have paid little attention to a dynamic data and access management model, or to its design from a practical viewpoint. This paper proposes a data and access management model for the delegation of authority. In the proposed model, an access token, an opaque string associated with an authorized permission, is issued and exchanged among users and entities across security domains. The framework enables fine-grained access control and permission assignment for delegated access by both persons and software agents.
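The following is an added example illustrating the mechanism the abstract describes; it is not code from Gomi's paper and does not reproduce the paper's token format or protocol. It models an issuer that keeps the token-to-permission mapping server side (so the token string itself is opaque), lets a holder delegate a subset of its permissions to a principal in another domain, bounds the delegated token's lifetime by its parent's, and makes revocation of any link in the chain invalidate everything derived from it. All class, method and principal names (TokenIssuer, Grant, issue, delegate, introspect, revoke, authorize, alice, bob, calendar-agent) and the scenario data are assumptions constructed for this example.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Optional


@dataclass
class Grant:
    """Server-side record behind one opaque token (example data model, not the paper's)."""
    owner: str                      # data subject whose personal information is covered
    holder: str                     # person or software agent holding the token
    domain: str                     # security domain of the holder
    permissions: FrozenSet[str]     # e.g. {"profile:read", "contacts:read"}
    expires_at: float
    parent: Optional[str] = None    # token this grant was delegated from, if any
    revoked: bool = False


class TokenIssuer:
    """Issues opaque tokens and keeps the token -> permission mapping server side."""

    def __init__(self, clock=time.time):
        self._grants: Dict[str, Grant] = {}
        self._clock = clock  # injectable for deterministic expiry checks

    def issue(self, owner: str, holder: str, domain: str,
              permissions: Iterable[str], ttl: float) -> str:
        # The token is random and carries no structure: a relying party can only
        # learn what it authorises by asking the issuer (introspection).
        token = secrets.token_urlsafe(32)
        self._grants[token] = Grant(owner, holder, domain, frozenset(permissions),
                                    self._clock() + ttl)
        return token

    def delegate(self, token: str, delegate: str, domain: str,
                 permissions: Iterable[str], ttl: float) -> str:
        """Holder of `token` passes a subset of its rights to `delegate`, possibly in another domain."""
        parent = self.introspect(token)
        if parent is None:
            raise PermissionError("delegating token is invalid, expired or revoked")
        perms = frozenset(permissions)
        if not perms <= parent.permissions:
            raise PermissionError("cannot delegate more permissions than held")
        # Attenuation: the child never outlives the chain it was derived from.
        expires_at = min(parent.expires_at, self._clock() + ttl)
        child = secrets.token_urlsafe(32)
        self._grants[child] = Grant(parent.owner, delegate, domain, perms,
                                    expires_at, parent=token)
        return child

    def introspect(self, token: str) -> Optional[Grant]:
        """Return the grant if the token and every ancestor are live, else None."""
        grant = self._grants.get(token)
        cursor = grant
        while cursor is not None:
            if cursor.revoked or cursor.expires_at <= self._clock():
                return None
            if cursor.parent is None:
                break
            cursor = self._grants.get(cursor.parent)
            if cursor is None:
                return None  # dangling chain: treat as invalid rather than trust it
        return grant

    def revoke(self, token: str) -> None:
        # Marking one link dead invalidates every token delegated from it,
        # because introspect() walks the whole chain on each check.
        if token in self._grants:
            self._grants[token].revoked = True

    def authorize(self, token: str, owner: str, action: str) -> bool:
        """Resource-server check: may the token holder perform `action` on `owner`'s data?"""
        grant = self.introspect(token)
        return grant is not None and grant.owner == owner and action in grant.permissions


def demo() -> dict:
    """Constructed scenario: alice authorises bob; bob delegates read-only profile
    access to a software agent in another domain; then bob's token is revoked."""
    issuer = TokenIssuer()
    bob = issuer.issue("alice", "bob", "corp.example",
                       {"profile:read", "contacts:read"}, ttl=3600)
    agent = issuer.delegate(bob, "calendar-agent", "saas.example",
                            {"profile:read"}, ttl=600)
    results = {
        "agent_reads_profile": issuer.authorize(agent, "alice", "profile:read"),
        "agent_reads_contacts": issuer.authorize(agent, "alice", "contacts:read"),
        "agent_reads_other_owner": issuer.authorize(agent, "carol", "profile:read"),
    }
    try:  # the agent tries to hand out a right it never received
        issuer.delegate(agent, "mallory", "other.example", {"contacts:read"}, ttl=60)
        results["escalation_blocked"] = False
    except PermissionError:
        results["escalation_blocked"] = True
    issuer.revoke(bob)
    results["agent_after_parent_revoked"] = issuer.authorize(agent, "alice", "profile:read")
    return results


if __name__ == "__main__":
    print(demo())
```

The design choice worth noting is that the token is only a lookup key: every authorization decision and every delegation step goes back to the issuer, which is what allows permissions to be attenuated, lifetimes to be clipped to the parent's and a single revocation to cut off an entire delegation chain across domains.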



Paper Citation


in Harvard Style

Gomi H. (2011). DATA AND ACCESS MANAGEMENT USING ACCESS TOKENS FOR DELEGATING AUTHORITY TO PERSONS AND SOFTWARE. In Proceedings of the International Conference on Security and Cryptography - Volume 1: MPEIS, (ICETE 2011) ISBN 978-989-8425-71-3, pages 457-463. DOI: 10.5220/0003619504570463


in Bibtex Style

@conference{mpeis11,
author={Hidehito Gomi},
title={DATA AND ACCESS MANAGEMENT USING ACCESS TOKENS FOR DELEGATING AUTHORITY TO PERSONS AND SOFTWARE},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: MPEIS, (ICETE 2011)},
year={2011},
pages={457-463},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003619504570463},
isbn={978-989-8425-71-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: MPEIS, (ICETE 2011)
TI - DATA AND ACCESS MANAGEMENT USING ACCESS TOKENS FOR DELEGATING AUTHORITY TO PERSONS AND SOFTWARE
SN - 978-989-8425-71-3
AU - Gomi H.
PY - 2011
SP - 457
EP - 463
DO - 10.5220/0003619504570463