Enabling Attribute Delegation in Ubiquitous Environments

When delegation is implemented with the attribute certificates of a Privilege Management Infrastructure (PMI), a considerable degree of distributed functionality can be achieved. However, the approach is not flexible enough for the requirements of ubiquitous environments: a full PMI can become too complex a solution for resource-constrained devices such as smartphones and PDAs. In this work we present an approach that overcomes these limitations by defining a second class of attributes, called domain attributes, which are managed directly by users and fall outside the scope of the PMI, thus providing a lightweight solution for constrained devices. The two classes of attributes are related by defining a simple ontology. While domain attribute credentials are expressed in SAML notation, global attributes are expressed as X.509 attribute certificates; for this reason we additionally introduce XSAML, so that both kinds of credentials can be integrated. We also introduce the concept of Attribute Federation, which is responsible for supporting domain attributes and the corresponding ontology.
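The relying-party logic the abstract describes can be made concrete. The following is an added example written for this page, not the authors' XSAML implementation: it models PMI-issued global attributes and user-issued domain credentials as two separate credential classes, relates them through a small ontology (a domain attribute maps to a global attribute name, and global attributes may subsume one another), and validates a delegation chain for a domain attribute back to the domain owner with a depth bound and cycle check. The domain owner binding is assumed to be supplied by the Attribute Federation, the HMAC tag stands in for the XML-DSig and X.509 signatures a real deployment would verify, and every user name, domain name and key is constructed for the example.

```python
"""Domain attributes resolved to global attributes via an ontology, with a bounded,
authenticated delegation chain.  Added example for this page, not the paper's XSAML
code; HMAC tags stand in for real credential signatures (assumption)."""
from dataclasses import dataclass
import hashlib
import hmac
from typing import Dict, FrozenSet, List, Set, Tuple


@dataclass(frozen=True)
class GlobalAttribute:        # stand-in for an X.509 attribute certificate issued in the PMI
    holder: str
    name: str
    issuer: str


@dataclass(frozen=True)
class DomainCredential:       # stand-in for a user-managed SAML attribute statement
    holder: str
    domain: str
    name: str
    issuer: str
    delegable: bool
    tag: bytes                # HMAC over the fields, in place of the credential's signature


def _payload(holder, domain, name, issuer, delegable) -> bytes:
    return "|".join([holder, domain, name, issuer, str(delegable)]).encode()


def issue_domain_credential(key: bytes, holder, domain, name, issuer, delegable=False):
    tag = hmac.new(key, _payload(holder, domain, name, issuer, delegable), hashlib.sha256).digest()
    return DomainCredential(holder, domain, name, issuer, delegable, tag)


class Ontology:
    """(domain, local attribute) -> global attribute, plus subsumption between globals."""
    def __init__(self) -> None:
        self.domain_to_global: Dict[Tuple[str, str], str] = {}
        self.parents: Dict[str, Set[str]] = {}

    def map_domain(self, domain, local_name, global_name) -> None:
        self.domain_to_global[(domain, local_name)] = global_name

    def declare_subclass(self, child, parent) -> None:
        self.parents.setdefault(child, set()).add(parent)

    def implied_globals(self, name: str) -> Set[str]:
        result, stack = set(), [name]      # cycle-safe transitive closure
        while stack:
            n = stack.pop()
            if n not in result:
                result.add(n)
                stack.extend(self.parents.get(n, ()))
        return result

    def globals_for_domain_attr(self, domain, local_name) -> Set[str]:
        mapped = self.domain_to_global.get((domain, local_name))
        return self.implied_globals(mapped) if mapped else set()


class Verifier:
    def __init__(self, ontology: Ontology, domain_owners: Dict[str, str],
                 issuer_keys: Dict[str, bytes], max_depth: int = 3) -> None:
        self.ontology, self.domain_owners, self.issuer_keys = ontology, domain_owners, issuer_keys
        self.max_depth = max_depth         # longest accepted delegation chain
        self.pmi_certs: List[GlobalAttribute] = []
        self.domain_creds: List[DomainCredential] = []

    def _authentic(self, c: DomainCredential) -> bool:
        key = self.issuer_keys.get(c.issuer)   # verify under the *claimed* issuer's key
        if key is None:
            return False
        expected = hmac.new(key, _payload(c.holder, c.domain, c.name, c.issuer, c.delegable),
                            hashlib.sha256).digest()
        return hmac.compare_digest(expected, c.tag)

    def domain_credential_valid(self, c: DomainCredential, depth: int = 0,
                                seen: FrozenSet[DomainCredential] = frozenset()) -> bool:
        # Valid if authentic and issued by the domain owner, or by a holder of a valid
        # *delegable* credential for the same attribute, within max_depth and acyclic.
        if depth > self.max_depth or c in seen or not self._authentic(c):
            return False
        if self.domain_owners.get(c.domain) == c.issuer:
            return True
        return any(self.domain_credential_valid(d, depth + 1, seen | {c})
                   for d in self.domain_creds
                   if d.holder == c.issuer and (d.domain, d.name) == (c.domain, c.name) and d.delegable)

    def global_attributes_of(self, holder: str) -> Set[str]:
        names: Set[str] = set()
        for g in self.pmi_certs:
            if g.holder == holder:
                names |= self.ontology.implied_globals(g.name)
        for c in self.domain_creds:
            if c.holder == holder and self.domain_credential_valid(c):
                names |= self.ontology.globals_for_domain_attr(c.domain, c.name)
        return names

    def authorized(self, holder: str, required_global: str) -> bool:
        return required_global in self.global_attributes_of(holder)


def build_demo() -> Verifier:
    """Constructed scenario: every name and key below is invented for this example."""
    keys = {u: hashlib.sha256(f"key-{u}".encode()).digest()
            for u in ("alice", "bob", "carol", "mallory", "frank", "grace")}
    onto = Ontology()
    onto.map_domain("lab.example", "member", "researcher")     # domain attribute -> global
    onto.declare_subclass("project_leader", "researcher")       # global subsumption
    v = Verifier(onto, domain_owners={"lab.example": "alice"}, issuer_keys=keys)
    v.pmi_certs.append(GlobalAttribute("alice", "project_leader", "pmi-aa"))
    v.domain_creds += [
        issue_domain_credential(keys["alice"], "bob", "lab.example", "member", "alice", True),
        issue_domain_credential(keys["bob"], "carol", "lab.example", "member", "bob"),
        issue_domain_credential(keys["carol"], "dave", "lab.example", "member", "carol"),   # carol not delegable
        issue_domain_credential(keys["mallory"], "eve", "lab.example", "member", "alice"),  # forged issuer
        issue_domain_credential(keys["frank"], "grace", "lab.example", "member", "frank", True),
        issue_domain_credential(keys["grace"], "frank", "lab.example", "member", "grace", True),  # cycle
    ]
    return v
```

Three checks matter in practice and are exercised by the constructed scenario: the tag is verified under the key of the issuer the credential names (so a credential forged by mallory but naming alice as issuer is rejected), delegation stops at a non-delegable credential (carol cannot extend membership to dave), and a chain that never reaches the domain owner is rejected by the `seen` set and the depth bound rather than looping.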
