TY - JOUR
T1 - Flexible secure inter-domain interoperability through attribute conversion
AU - Martínez-García, Carles
AU - Navarro-Arribas, Guillermo
AU - Foley, Simon N.
AU - Torra, Vicen
AU - Borrell, Joan
PY - 2011/8/15
Y1 - 2011/8/15
N2 - The access control policy of an application that is composed of interoperating components/services is defined in terms of the access control policies enforced by the respective services. These individual access control policies are heterogenous in the sense that the services may be independently developed and managed and it is not practical to assume that all policies are defined with respect to some uniform domain vocabulary of policy attributes. A framework is described that provides a domain mapping for heterogenous policies. A fuzzy-based conversion mechanism determines the degree to which an access control attribute of one (service) policy may safely interoperate with an access control attribute of another (service) policy. The approach is scalable in the sense that it is not necessary to a priori specify every pairwise policy interoperation relationship, rather, where obvious interpretations exist then policy relationships are specified, while other relationships are inferred using the fuzzy mechanism. © 2011 Elsevier Inc. All rights reserved.
AB - The access control policy of an application that is composed of interoperating components/services is defined in terms of the access control policies enforced by the respective services. These individual access control policies are heterogenous in the sense that the services may be independently developed and managed and it is not practical to assume that all policies are defined with respect to some uniform domain vocabulary of policy attributes. A framework is described that provides a domain mapping for heterogenous policies. A fuzzy-based conversion mechanism determines the degree to which an access control attribute of one (service) policy may safely interoperate with an access control attribute of another (service) policy. The approach is scalable in the sense that it is not necessary to a priori specify every pairwise policy interoperation relationship, rather, where obvious interpretations exist then policy relationships are specified, while other relationships are inferred using the fuzzy mechanism. © 2011 Elsevier Inc. All rights reserved.
KW - Access control
KW - Attribute conversion
KW - Flexibility
KW - Interoperability
U2 - https://doi.org/10.1016/j.ins.2011.04.023
DO - https://doi.org/10.1016/j.ins.2011.04.023
M3 - Article
VL - 181
SP - 3491
EP - 3507
JO - Information Sciences
JF - Information Sciences
SN - 0020-0255
ER -