DocumentCode :
3435649
Title :
Authorisation Using Attributes from Multiple Authorities
Author :
Chadwick, David W.
Author_Institution :
Comput. Lab., Kent Univ., Canterbury
fYear :
2006
fDate :
38869
Firstpage :
326
Lastpage :
331
Abstract :
As attribute based authorisation infrastructures such as XACML gain in popularity, linking together user attributes from multiple attribute authorities (AAs) is becoming a pressing problem. Current models and mechanisms do not support this linking, primarily because the user is known by different names in the different AAs. Furthermore, linking the attributes together poses a potential risk to the user´s privacy. This paper provides a model and protocol elements for linking AAs, service providers and user attributes together, under the sole control of the user, thereby maintaining the user´s privacy. The paper also shows how the model and protocol elements can be implemented using existing technologies, namely relational databases or LDAP directories, and the SAML protocol
Keywords :
authorisation; cryptographic protocols; data privacy; relational databases; attribute based authorisation infrastructures; multiple attribute authorities; protocol elements; service providers; user privacy; Access control; Authorization; Councils; Joining processes; Paper technology; Pressing; Privacy; Protocols; Relational databases;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Enabling Technologies: Infrastructure for Collaborative Enterprises, 2006. WETICE '06. 15th IEEE International Workshops on
Conference_Location :
Manchester
ISSN :
1524-4547
Print_ISBN :
0-7695-2623-3
Type :
conf
DOI :
10.1109/WETICE.2006.22
Filename :
4092231
Link To Document :
بازگشت