DocumentCode
3451682
Title
A logical framework for reasoning about policies with trust negotiations and workflows in a distributed environment
Author
Balbiani, Philippe ; Chevalier, Yannick ; El Houri, M.
Author_Institution
Inst. de Rech. en Inf. de Toulouse, Univ. de Toulouse, Toulouse, France
fYear
2009
fDate
19-22 Oct. 2009
Firstpage
3
Lastpage
11
Abstract
We propose in this paper a framework in which the security policies of services in a distributed environment can be expressed. Services interact by exchanging credentials. Each service is made up of an access control policy protecting the access to the service, and of a trust negotiation policy controlling the accessibility of the credentials for other services. We add a workflow layer for each service to model its dynamic evolution with respect to the performed accesses. Unlike most of the access control policies which are uniquely based on roles, we choose an attribute based framework leading to more flexibility in the characterization of users. The strengths of this framework are its ability to control and check the access control aspect of the services and its dynamic evolution based on an exchange of credentials. We provide a unified framework for reasoning on access control policies, trust negotiation policies and workflows.
Keywords
Web services; authorisation; access control policy; attribute based framework; distributed environment; logical framework; services credentials accessibility; services security policy; trust negotiation; trust negotiation policy; workflow layer; Access control; Application software; Law; Legal factors; Petri nets; Proposals; Protection; Security; Service oriented architecture; Simple object access protocol;
fLanguage
English
Publisher
ieee
Conference_Titel
Risks and Security of Internet and Systems (CRiSIS), 2009 Fourth International Conference on
Conference_Location
Toulouse
ISSN
2151-4763
Print_ISBN
978-1-4244-4498-4
Electronic_ISBN
2151-4763
Type
conf
DOI
10.1109/CRISIS.2009.5411983
Filename
5411983
Link To Document