Book Chapter, DOI: 10.1007/11823865_14
Attribute-Based Authentication and Authorisation Infrastructures for E-Commerce Providers
Christian Schläger, Manuel Sojer, Björn Muschall, Günther Pernul
- 05 Sep 2006
- pp 132-141
30
TL;DR: An AAI reference model is proposed that includes ABAC functionality based on the XACML standard and lessons learned from various existing AAIs, which are AKENTI, CARDEA, CAS, GridShib, Liberty ID-FF, Microsoft .NET Passport, PAPI, PERMIS, Shibboleth and VOMS.
Abstract: Authentication and authorisation has been a basic and necessary service for internet transactions. With the evolution of e-commerce, traditional mechanisms for data security and access control are becoming outdated. Several new standards have emerged which allow dynamic access control based on exchanging user attributes. Unfortunately, while providing highly secure and flexible access mechanisms is a very demanding task, it cannot be considered a core competency for most e-commerce corporations. Therefore, a need to outsource or at least share such services with other entities arises. Authentication and Authorisation Infrastructures (AAIs) can provide such integrated federations of security services. They could, in particular, provide attribute-based access control (ABAC) mechanisms and mediate customers’ demand for privacy and vendors’ needs for information. We propose an AAI reference model that includes ABAC functionality based on the XACML standard and lessons learned from various existing AAIs. AAIs analysed are AKENTI, CARDEA, CAS, GridShib, Liberty ID-FF, Microsoft .NET Passport, PAPI, PERMIS, Shibboleth and VOMS.
Citations
A unified attribute-based access control model covering DAC, MAC and RBAC
Xin Jin, Ram Krishnan, Ravi Sandhu
- 11 Jul 2012
TL;DR: This paper takes a step towards establishing formal connections between the three successful classical models and desired ABAC models by constructing an ABAC model that has "just sufficient" features to be "easily and naturally" configured to do DAC, MAC and RBAC.
SSIBAC: Self-Sovereign Identity Based Access Control
Rafael Belchior, Benedikt Putz, Guenther Pernul, Miguel Correia, André Vasconcelos, Sérgio Guerreiro
- 29 Dec 2020
TL;DR: This work proposes Self-Sovereign Identity Based Access Control (SSIBAC), an access control model for cross-organization identity management that leverages conventional access control models and blockchain technology to provide decentralized authentication, followed by centralized authorization.
Reachability analysis for role-based administration of attributes
Xin Jin, Ram Krishnan, Ravi Sandhu
- 08 Nov 2013
TL;DR: The algorithms not only answer the reachability problem but also provide a plan of sequential attribute updates by one or more administrators in order to reach particular values for user attributes in a restricted GURA model called rGURA.
14
Patterns for Authentication and Authorisation Infrastructures
R. Erber, Christian Schläger, Günther Pernul
- 03 Sep 2007
TL;DR: The derived pattern system consists of security patterns already published and in use, as well as on open standards like SAML and XACML and related patterns, which can be directly used in the software development cycle, as proposed by different methodologies.
• Journal Article
Weakest Link Attack on Single Sign-On and Its Case in SAML V2.0 Web SSO
TL;DR: Weakest link attack as mentioned in this paper is a parallel session attack that enables adversaries to succeed at all levels of authentication associated with the victim user by breaking only at the weakest one, which can be exploited by the adversaries to launch a new kind of attack specific to SSO systems.
13
References
Attributed based access control (ABAC) for Web services
Eric Yuan, J. Tong
- 11 Jul 2005
TL;DR: The paper describes the ABAC model in terms of its authorization architecture and policy formulation, and makes a detailed comparison between ABAC and traditional role-based models, which clearly shows the advantages of ABAC.
821
Supporting attribute-based access control with ontologies
Torsten Priebe, Wolfgang Dobmeier, N. Kamprath
- 20 Apr 2006
TL;DR: This paper presents an approach based on an extension of the established XACML standard that simplifies the policies by providing an ontology-based attribute management facility.
126
Cardea: Dynamic Access Control in Distributed Systems
Rebekah Lepro
- 01 Jan 2004
TL;DR: Cardea, a distributed system that facilitates dynamic access control, is presented as a valuable piece of an inter-operable authorization framework and connection points with general components of an authorization system are highlighted.
Authentication and authorisation infrastructures in b2c e-commerce
Christian Schlaeger, Guenther Pernul
- 23 Aug 2005
TL;DR: Criteria and requirements that any AAI for b2c e-commerce has to fulfil and candidates for evaluation are Kerberos, SESAME, PERMIS, AKENTI, Microsoft Passport, Shibboleth and the Liberty Framework.
27