Policy languages for digital identity management in federation systems

Elisa Bertino; Abhilasha Bhargav-Spantzel; Anna Cinzia Squicciarini

doi:10.1109/POLICY.2006.22

Policy languages for digital identity management in federation systems

Elisa Bertino
, Abhilasha Bhargav-Spantzel
, Anna Cinzia Squicciarini

College of Information Sciences and Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Scopus citations

Abstract

The goal of service provider federations is to support a controlled method by which distributed organizations can provide services to qualified individuals and manage their identity attributes at an inter-organizational level. In order to make access control decisions the history of activities should be accounted for, therefore it is necessary to record information on interactions among the federation entities. To achieve these goals we propose a comprehensive assertion language able to support description of static and dynamic properties of the federation system. The assertions are a powerful means to describe the behavior of the entities interacting in the federation, and to define policies controlling access to services and privacy policies. We also propose a log-based approach for capturing the history of activities within the federationimplemented as a set of tables stored at databases at the various organizations in the federation. We illustrate how, by using different types of queries on such tables, security properties of the federation can be verified.

Original language	English (US)
Title of host publication	Proceedings - Thirteenth International Symposium on Temporal Representation and Reasoning, TIME 2006
Publisher	IEEE Computer Society
Pages	11-21
Number of pages	11
ISBN (Print)	0769525989, 9780769525983
DOIs	https://doi.org/10.1109/POLICY.2006.22
State	Published - 2006
Event	7th IEEE International Workshop on Policies for Distributed Systems and Networks, Policy 2006 - London, ON, Canada Duration: Jun 5 2006 → Jun 7 2006

Publication series

Name	Proceedings - Seventh IEEE International Workshop on Policies for Distributed Systems and Networks, Policy 2006
Volume	2006

Other

Other	7th IEEE International Workshop on Policies for Distributed Systems and Networks, Policy 2006
Country/Territory	Canada
City	London, ON
Period	6/5/06 → 6/7/06

All Science Journal Classification (ASJC) codes

General Engineering

Access to Document

10.1109/POLICY.2006.22

Cite this

Bertino, E., Bhargav-Spantzel, A., & Squicciarini, A. C. (2006). Policy languages for digital identity management in federation systems. In Proceedings - Thirteenth International Symposium on Temporal Representation and Reasoning, TIME 2006 (pp. 11-21). Article 1631155 (Proceedings - Seventh IEEE International Workshop on Policies for Distributed Systems and Networks, Policy 2006; Vol. 2006). IEEE Computer Society. https://doi.org/10.1109/POLICY.2006.22

Bertino, Elisa ; Bhargav-Spantzel, Abhilasha ; Squicciarini, Anna Cinzia. / Policy languages for digital identity management in federation systems. Proceedings - Thirteenth International Symposium on Temporal Representation and Reasoning, TIME 2006. IEEE Computer Society, 2006. pp. 11-21 (Proceedings - Seventh IEEE International Workshop on Policies for Distributed Systems and Networks, Policy 2006).

@inproceedings{93d83bdffae541ea8d44970ea4e00442,

title = "Policy languages for digital identity management in federation systems",

abstract = "The goal of service provider federations is to support a controlled method by which distributed organizations can provide services to qualified individuals and manage their identity attributes at an inter-organizational level. In order to make access control decisions the history of activities should be accounted for, therefore it is necessary to record information on interactions among the federation entities. To achieve these goals we propose a comprehensive assertion language able to support description of static and dynamic properties of the federation system. The assertions are a powerful means to describe the behavior of the entities interacting in the federation, and to define policies controlling access to services and privacy policies. We also propose a log-based approach for capturing the history of activities within the federationimplemented as a set of tables stored at databases at the various organizations in the federation. We illustrate how, by using different types of queries on such tables, security properties of the federation can be verified.",

author = "Elisa Bertino and Abhilasha Bhargav-Spantzel and Squicciarini, \{Anna Cinzia\}",

year = "2006",

doi = "10.1109/POLICY.2006.22",

language = "English (US)",

isbn = "0769525989",

series = "Proceedings - Seventh IEEE International Workshop on Policies for Distributed Systems and Networks, Policy 2006",

publisher = "IEEE Computer Society",

pages = "11--21",

booktitle = "Proceedings - Thirteenth International Symposium on Temporal Representation and Reasoning, TIME 2006",

address = "United States",

note = "7th IEEE International Workshop on Policies for Distributed Systems and Networks, Policy 2006 ; Conference date: 05-06-2006 Through 07-06-2006",

}

Bertino, E, Bhargav-Spantzel, A & Squicciarini, AC 2006, Policy languages for digital identity management in federation systems. in Proceedings - Thirteenth International Symposium on Temporal Representation and Reasoning, TIME 2006., 1631155, Proceedings - Seventh IEEE International Workshop on Policies for Distributed Systems and Networks, Policy 2006, vol. 2006, IEEE Computer Society, pp. 11-21, 7th IEEE International Workshop on Policies for Distributed Systems and Networks, Policy 2006, London, ON, Canada, 6/5/06. https://doi.org/10.1109/POLICY.2006.22

Policy languages for digital identity management in federation systems. / Bertino, Elisa; Bhargav-Spantzel, Abhilasha; Squicciarini, Anna Cinzia.
Proceedings - Thirteenth International Symposium on Temporal Representation and Reasoning, TIME 2006. IEEE Computer Society, 2006. p. 11-21 1631155 (Proceedings - Seventh IEEE International Workshop on Policies for Distributed Systems and Networks, Policy 2006; Vol. 2006).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Policy languages for digital identity management in federation systems

AU - Bertino, Elisa

AU - Bhargav-Spantzel, Abhilasha

AU - Squicciarini, Anna Cinzia

PY - 2006

Y1 - 2006

N2 - The goal of service provider federations is to support a controlled method by which distributed organizations can provide services to qualified individuals and manage their identity attributes at an inter-organizational level. In order to make access control decisions the history of activities should be accounted for, therefore it is necessary to record information on interactions among the federation entities. To achieve these goals we propose a comprehensive assertion language able to support description of static and dynamic properties of the federation system. The assertions are a powerful means to describe the behavior of the entities interacting in the federation, and to define policies controlling access to services and privacy policies. We also propose a log-based approach for capturing the history of activities within the federationimplemented as a set of tables stored at databases at the various organizations in the federation. We illustrate how, by using different types of queries on such tables, security properties of the federation can be verified.

AB - The goal of service provider federations is to support a controlled method by which distributed organizations can provide services to qualified individuals and manage their identity attributes at an inter-organizational level. In order to make access control decisions the history of activities should be accounted for, therefore it is necessary to record information on interactions among the federation entities. To achieve these goals we propose a comprehensive assertion language able to support description of static and dynamic properties of the federation system. The assertions are a powerful means to describe the behavior of the entities interacting in the federation, and to define policies controlling access to services and privacy policies. We also propose a log-based approach for capturing the history of activities within the federationimplemented as a set of tables stored at databases at the various organizations in the federation. We illustrate how, by using different types of queries on such tables, security properties of the federation can be verified.

UR - https://www.scopus.com/pages/publications/33845433424

UR - https://www.scopus.com/pages/publications/33845433424#tab=citedBy

U2 - 10.1109/POLICY.2006.22

DO - 10.1109/POLICY.2006.22

M3 - Conference contribution

AN - SCOPUS:33845433424

SN - 0769525989

SN - 9780769525983

T3 - Proceedings - Seventh IEEE International Workshop on Policies for Distributed Systems and Networks, Policy 2006

SP - 11

EP - 21

BT - Proceedings - Thirteenth International Symposium on Temporal Representation and Reasoning, TIME 2006

PB - IEEE Computer Society

T2 - 7th IEEE International Workshop on Policies for Distributed Systems and Networks, Policy 2006

Y2 - 5 June 2006 through 7 June 2006

ER -

Bertino E, Bhargav-Spantzel A, Squicciarini AC. Policy languages for digital identity management in federation systems. In Proceedings - Thirteenth International Symposium on Temporal Representation and Reasoning, TIME 2006. IEEE Computer Society. 2006. p. 11-21. 1631155. (Proceedings - Seventh IEEE International Workshop on Policies for Distributed Systems and Networks, Policy 2006). doi: 10.1109/POLICY.2006.22

Policy languages for digital identity management in federation systems

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this