
A Generalized Model for Internet-Based Access Control Systems with Delegation Support

  • Conference paper
Quality, Reliability, Security and Robustness in Heterogeneous Networks (QShine 2013)

Abstract

In the web environment, browsers use HTTP/HTTPS to carry traffic between users and web or application servers. Many internet activities, however, require interactions among three parties without compromising confidentiality. For example, an e-commerce transaction requires a buyer to authorize an e-commerce website to withdraw money from the buyer's account at an internet banking website. Several existing works address this problem, but they do so in ad-hoc ways or lack important properties. This paper proposes a model, called PRA (Provider-Requestor-Authorizer), that generalizes three-party communication in the web environment in order to identify desirable properties that can be used to measure the quality of such protocols and to classify them. We find that the PRA model generalizes three-party communication protocols into a single model, from the conceptual level down to the implementation level.
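The e-commerce scenario in the abstract, worked through as an added example (this is not the paper's PRA protocol or code; the grant format, its field names, the HMAC signing and the single-use nonce are assumptions made here to show what a three-party delegation must check). The buyer (Authorizer) authenticates to the bank (Provider) directly and obtains a grant bound to the merchant (Requestor), a scope, an amount cap and an expiry; the merchant carries only the grant to the bank and never sees the buyer's banking credentials. The demo also exercises the failure modes a practitioner would want covered: replay, over-limit use, a grant relayed by a different party, and a tampered grant.

```python
import hashlib
import hmac
import json
import secrets
import time


def _canonical(obj):
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


class Provider:
    """The bank: holds the accounts and the only key that can mint grants."""

    def __init__(self, now=time.time):
        self._key = secrets.token_bytes(32)   # never leaves the provider
        self._accounts = {}                   # account -> [password, balance]
        self._used_nonces = set()             # replay protection
        self._now = now                       # injectable clock for tests

    def open_account(self, account, password, balance):
        self._accounts[account] = [password, balance]

    def balance(self, account):
        return self._accounts[account][1]

    def _sign(self, grant):
        return hmac.new(self._key, _canonical(grant), hashlib.sha256).hexdigest()

    def issue_grant(self, account, password, requestor, max_amount, ttl):
        """Authorizer step: the buyer authenticates to the bank directly and
        names the merchant, the cap and the lifetime. The merchant never sees
        the password; it only ever receives the resulting grant."""
        stored = self._accounts.get(account)
        if stored is None or not hmac.compare_digest(stored[0], password):
            raise PermissionError("authorizer authentication failed")
        grant = {
            "sub": account, "aud": requestor, "scope": "withdraw",
            "max_amount": max_amount,
            "exp": int(self._now()) + ttl,
            "nonce": secrets.token_hex(16),     # single use
        }
        return grant, self._sign(grant)

    def redeem(self, grant, signature, presenter, amount):
        """Requestor step: the merchant presents the grant. Each check is one
        property a delegation protocol has to provide; order matters so that a
        forged grant is rejected before any state is consulted."""
        if not hmac.compare_digest(self._sign(grant), signature):
            return False, "bad signature"        # forged or tampered grant
        if grant["aud"] != presenter:
            return False, "wrong audience"       # grant relayed by a third party
        if grant["scope"] != "withdraw":
            return False, "wrong scope"
        if self._now() > grant["exp"]:
            return False, "expired"
        if amount > grant["max_amount"]:
            return False, "over limit"
        if grant["nonce"] in self._used_nonces:
            return False, "replayed"
        acct = self._accounts[grant["sub"]]
        if acct[1] < amount:
            return False, "insufficient funds"
        self._used_nonces.add(grant["nonce"])    # consume only on success
        acct[1] -= amount
        return True, "ok"


class Requestor:
    """The merchant: holds the grant, never the buyer's credentials."""

    def __init__(self, name):
        self.name = name
        self.grant = self.signature = None

    def receive(self, grant, signature):
        self.grant, self.signature = grant, signature

    def charge(self, provider, amount):
        return provider.redeem(self.grant, self.signature, self.name, amount)


def demo():
    """Constructed scenario: 'alice' authorizes 'shop' to withdraw up to 50."""
    bank = Provider()
    bank.open_account("alice", "correct horse", 100)
    shop = Requestor("shop")
    grant, sig = bank.issue_grant("alice", "correct horse", "shop", 50, ttl=60)
    shop.receive(grant, sig)

    results = {"charge": shop.charge(bank, 40)[1]}       # ok, balance 60
    results["replay"] = shop.charge(bank, 5)[1]          # same nonce again
    grant2, sig2 = bank.issue_grant("alice", "correct horse", "shop", 50, ttl=60)
    shop.receive(grant2, sig2)
    results["over_limit"] = shop.charge(bank, 60)[1]     # exceeds the cap
    thief = Requestor("thief")
    thief.receive(grant2, sig2)                          # grant leaked to a third party
    results["stolen"] = thief.charge(bank, 10)[1]        # bound to 'shop', not 'thief'
    tampered = dict(grant2, max_amount=1000)             # cap raised, old signature
    results["tampered"] = bank.redeem(tampered, sig2, "shop", 500)[1]
    results["balance"] = bank.balance("alice")
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:>10}: {outcome}")
```

The clock is injected so expiry can be tested deterministically; in a deployment the provider would also persist used nonces with their expiry so the replay set does not grow without bound.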




Copyright information

© 2013 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Buranasaksee, U., Porkaew, K., Supasitthimethee, U. (2013). A Generalized Model for Internet-Based Access Control Systems with Delegation Support. In: Singh, K., Awasthi, A.K. (eds) Quality, Reliability, Security and Robustness in Heterogeneous Networks. QShine 2013. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 115. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37949-9_84

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-37949-9_84

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-37948-2

  • Online ISBN: 978-3-642-37949-9
