Authorisation Using Attributes from Multiple Authorities

Question

1. What contributions have the authors mentioned in the paper "Authorisation using attributes from multiple authorities – a study of requirements" ?

2. What are the common themes of the use cases submitted?

3. How many years of experience did the respondents have?

4. What percentage of respondents felt that the user’s privacy would be important?

Accepted Answer

This paper presents the results of a survey of requirements for attribute aggregation in authorisation systems, gathered from an international community of security professionals.

Accepted Answer

The common themes of the submitted use cases were the use of grid computing in projects as well as Shibboleth and federated access to resources.

Accepted Answer

Over 50% of the respondents had more than 10 years of experience as a computing professional, with 13% having more than 25 years of experience.

Accepted Answer

80% of participants believed that Humans via web-browsers would be potential users, 77% believed that grid users and their clients would be potential users and 65% believed that Application and API’s would be potential users.

Accepted Answer

Due to the global nature of today’s networked resources the need for flexible and easily managed authorisation infrastructures is increasingly important.

Accepted Answer

The draft questionnaire was distributed to six people who had a close relationship with the project team, in order to test its semantic clarity, lack of ambiguity, effectiveness and coverage of the topic.

Accepted Answer

13% felt that the SP should be able to access a user’s identity anytime without the aid of another party, whilst the majority (43%) thought the SP should only be able to do this in exceptional circumstances by contacting the user’s AAs or IdPs.

Accepted Answer

The majority of users (70%) felt that this was an essential feature, with 20% thinking that a single proxy would be sufficient but 50% believing that multiple proxys (or protocol hops) must be supported.

Accepted Answer

Consequently the people the authors surveyed were security professionals who are already working in the general area of network authorisation and virtual organisations, and who are already aware of this problem space.

Accepted Answer

Technical controls are essential and should be independent of legal matters (52%)All but 4% of the respondents stated that some technical controls should be implemented and the majority believe that the controls should be independent of legal matters.

Accepted Answer

The results showed that 54% of participants thought that more than 3 attributes sources could be required compared to only 4% that believed a single attribute source would be sufficient.

Accepted Answer

Researchers and early adopters are realising that a single source of user attributes is insufficient for authorisation in many applications e.g. access to a medical database might require a GP attribute from the General Medical Council and a consultant attribute from the employing hospital; or online shopping might require a credit card from a bank for the purchase and a frequent flyer card to award air miles.

Accepted Answer

The results showed that 62% of participants believed this issue to be important or very important compared to 14% which believe it be of little to no importance.

Accepted Answer

65% of respondents felt that it was either important or very important at the present time, compared to just 7.6% who felt that it was probably not that important or of no importance at all.

Authorisation Using Attributes from Multiple Authorities

Chat with Paper

AI Agents for this Paper

Most frequently asked questions

1. What contributions have the authors mentioned in the paper "Authorisation using attributes from multiple authorities – a study of requirements" ?

2. What are the common themes of the use cases submitted?

3. How many years of experience did the respondents have?

4. What percentage of respondents felt that the user’s privacy would be important?

5. Why is the need for a flexible and easily managed authorisation infrastructure increasingly important?

6. How many people were asked to answer the questionnaire?

7. How many respondents felt that the SP should be able to track users between sessions?

8. What percentage of users felt that proxying was essential?

9. What is the main reason why the authors surveyed people?

10. What percentage of respondents believe that technical controls should be implemented?

11. What percentage of respondents thought that more than 3 attributes sources could be required?

12. What is the main reason for the lack of a single source of user attributes?

13. How many participants believed that the privacy of user attributes should be enforced?

14. How many respondents felt that the user’s privacy was important?

Figures

Citations

Biomedical Informatics for Cancer Research

Attribute Aggregation in Federated Identity Management

Adding support to XACML for multi-domain user to user dynamic delegation of authority

AttributeTrust A Framework for Evaluating Trust in Aggregated Attributes via a Reputation System

Adding support to XACML for dynamic delegation of authority in multiple domains

References

Role-based access control with X.509 attribute certificates

Shibboleth Architecture Protocols and Profiles

VOMS, an Authorization System for Virtual Organizations

Related Papers (5)

Attribute Aggregation and Federated Identity

Shibboleth Architecture Protocols and Profiles

A Dynamic Access Control Policy Model for Sharing of Healthcare Data in Multiple Domains

User-centric identity management using trusted modules

Attribute-Based Authentication and Authorisation Infrastructures for E-Commerce Providers