{"title":"利用属性映射弥合用户属性和服务策略之间的差距","authors":"D. Cerri, F. Corcoglioniti","doi":"10.1109/CEC.2009.29","DOIUrl":null,"url":null,"abstract":"People, companies, and public authorities can now have a strong on-line presence and a huge amount of interactions on the Internet, made possible by the impressive growth of the World Wide Web and of Web technologies. Many independent parties provide services and exchange information in a plural, dynamic, and open environment. This scenario, where interacting parties are often strangers, naturally brings to attribute-based access control solutions, as traditional identity-based systems are usually inadequate to large open environments. User attributes certified by external authorities, however, tend to be rather general-purpose and to reflect a user point of view, thus they often do not coincide with the concepts that are relevant for the service. In this paper we propose a framework to decouple the user point of view and the service point of view on user attributes: following our model, the service access control policy can focus on the concepts that are relevant for the service logic, whereas a separate attribute mapping policy establishes the bridge between the two domains.","PeriodicalId":384060,"journal":{"name":"2009 IEEE Conference on Commerce and Enterprise Computing","volume":"17 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-07-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Bridging the Gap between User Attributes and Service Policies with Attribute Mapping\",\"authors\":\"D. Cerri, F. Corcoglioniti\",\"doi\":\"10.1109/CEC.2009.29\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"People, companies, and public authorities can now have a strong on-line presence and a huge amount of interactions on the Internet, made possible by the impressive growth of the World Wide Web and of Web technologies. Many independent parties provide services and exchange information in a plural, dynamic, and open environment. This scenario, where interacting parties are often strangers, naturally brings to attribute-based access control solutions, as traditional identity-based systems are usually inadequate to large open environments. User attributes certified by external authorities, however, tend to be rather general-purpose and to reflect a user point of view, thus they often do not coincide with the concepts that are relevant for the service. In this paper we propose a framework to decouple the user point of view and the service point of view on user attributes: following our model, the service access control policy can focus on the concepts that are relevant for the service logic, whereas a separate attribute mapping policy establishes the bridge between the two domains.\",\"PeriodicalId\":384060,\"journal\":{\"name\":\"2009 IEEE Conference on Commerce and Enterprise Computing\",\"volume\":\"17 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-07-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 IEEE Conference on Commerce and Enterprise Computing\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CEC.2009.29\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 IEEE Conference on Commerce and Enterprise Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CEC.2009.29","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Bridging the Gap between User Attributes and Service Policies with Attribute Mapping
People, companies, and public authorities can now have a strong on-line presence and a huge amount of interactions on the Internet, made possible by the impressive growth of the World Wide Web and of Web technologies. Many independent parties provide services and exchange information in a plural, dynamic, and open environment. This scenario, where interacting parties are often strangers, naturally brings to attribute-based access control solutions, as traditional identity-based systems are usually inadequate to large open environments. User attributes certified by external authorities, however, tend to be rather general-purpose and to reflect a user point of view, thus they often do not coincide with the concepts that are relevant for the service. In this paper we propose a framework to decouple the user point of view and the service point of view on user attributes: following our model, the service access control policy can focus on the concepts that are relevant for the service logic, whereas a separate attribute mapping policy establishes the bridge between the two domains.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
