Cross-Domain Attribute Conversion for Authentication and Authorization

In bio-security emergencies, such as an outbreak of an exotic animal disease, it is essential that the organizations involved in combating the outbreak collaborate effectively and efficiently. To achieve such a collaboration, potentially confidential infrastructure and resources need to be shared amongst members of the participating organizations. In AU2EU we demonstrate the combination of existing data-minimizing authentication and attribute-based authorization technologies to dynamically enable collaborations between these organizations. However, a key problem that occurs during the establishment of such a collaboration is that the organizations use different terminologies for similar authorization attributes. To overcome these differences and to minimize the overhead for new organizations joining an existing consortium, we propose an ontology-based solution for converting attributes from one domain vocabulary to another. Additionally, we propose a methodology to construct a shared domain vocabulary. Using a shared domain vocabulary in the conversion process decreases the number of alignments required for collaborating. We integrate and demonstrate the feasibility of this approach in a real-life scenario within the scope of AU2EU. This paper presents preliminary work, which is currently being deployed and will be evaluated in the upcoming months.
