Abstract
In this paper we propose a security architecture and mechanism for Virtual Organizations (VOs) for businesses. The VOs we consider are based on web service technology, to address interoperability issues and cater for future business software, and are dynamic, i.e. their membership may change frequently throughout their lifetime. We improve over previous approaches in the following aspect: we have designed, implemented and evaluated a comprehensive security mechanism for our architecture that can protect both the web services in the VO and the VO management services. The security policies of VO management are enforced by inspecting the request for the encodings of parameters that are relevant to the policy decision. The basic idea may be applicable to other web-service-based software with data-dependent security policies, e.g. databases.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kerschbaum, F., Deitos, R., Robinson, P. (2007). Securing VO Management. In: Lambrinoudakis, C., Pernul, G., Tjoa, A.M. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2007. Lecture Notes in Computer Science, vol 4657. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74409-2_4
DOI: https://doi.org/10.1007/978-3-540-74409-2_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74408-5
Online ISBN: 978-3-540-74409-2
eBook Packages: Computer Science, Computer Science (R0)