
Enabling Attribute Delegation in Ubiquitous Environments

Published in: Mobile Networks and Applications

Abstract

When delegation is implemented using attribute certificates in a Privilege Management Infrastructure (PMI), a considerable level of distributed functionality can be reached. However, the approach is not flexible enough for the requirements of ubiquitous environments: a PMI can become too complex a solution for devices such as smartphones and PDAs, where resources are limited. In this work we present an approach that overcomes these limitations by defining a second class of attributes, called domain attributes, which are managed directly by users and do not fall directly under the scope of the PMI, thus providing a lightweight solution for constrained devices. The two classes of attributes are nevertheless related by defining a simple ontology. While domain attribute credentials are defined using SAML notation, global attributes are defined using X.509 certificates. For this reason, we additionally introduce XSAML so that both kinds of credentials can be integrated. We also introduce the concept of Attribute Federation, which is responsible for supporting domain attributes and the corresponding ontology.




Corresponding author

Correspondence to Isaac Agudo.


Cite this article

Agudo, I., Lopez, J. & Montenegro, J.A. Enabling Attribute Delegation in Ubiquitous Environments. Mobile Netw Appl 13, 398–410 (2008). https://doi.org/10.1007/s11036-008-0062-4
