Policy-Driven Distributed Authorization: Status and Prospects

Policies show great potential as a way to control the behavior of complex computer systems. In the case of authorization decisions in large distributed systems, policies offer the potential to abstract away from the details of who is allowed to access which services, under which conditions. This layer of abstraction is both a challenge and an opportunity: policy-driven distributed authorization systems may be more manageable, scalable, available, and secure than previous approaches---or they may be just the opposite. In the talk that accompanies this paper, we survey the status of the field and its near-term prospects, from both a theoretical and a practical perspective, and point out the major barriers to the adoption of policy-driven authorization systems in industry.
