Abstract
A Virtual Organisation (VO) is a temporary alliance of autonomous, diverse, and geographically dispersed organisations, where the participants pool resources, information and knowledge in order to meet common objectives. This requires dynamic security policy management. We propose an authorisation policy management model called recognition of authority (ROA) which allows dynamically trusted authorities to adjust the authorisation policies for VO resources. The model supports dynamic delegation of authority, and the expansion and contraction of organisations in a VO, so that the underlying authorisation system is able to use existing user credentials issued by participating organisations to evaluate the user’s access rights to VO resources.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Nguyen, TA., Chadwick, D., Nasser, B. (2007). Recognition of Authority in Virtual Organisations. In: Lambrinoudakis, C., Pernul, G., Tjoa, A.M. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2007. Lecture Notes in Computer Science, vol 4657. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74409-2_3
DOI: https://doi.org/10.1007/978-3-540-74409-2_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74408-5
Online ISBN: 978-3-540-74409-2
eBook Packages: Computer Science, Computer Science (R0)