Distributed Access Control for Web and Business Processes

Middleware influenced the research community in developing a number of systems for controlling access to distributed resources. Nowadays a new paradigm for the lightweight integration of business resources from different partners is starting to take hold – Web Services and Business Processes for Web Services. Security and access control policies for Web Services protocols and distributed systems are well studied and almost standardized, but there is not yet a comprehensive proposal for an access control architecture for business processes. So, it is worth looking at the available approaches to distributed authorization as a starting point for a better understanding of what they already have and what they still need to address the security challenges for business processes

Privacy in an Ambient World

Privacy is a prime concern in today's information society. To protect\ud the privacy of individuals, enterprises must follow certain privacy practices, while\ud collecting or processing personal data. In this chapter we look at the setting where an\ud enterprise collects private data on its website, processes it inside the enterprise and\ud shares it with partner enterprises. In particular, we analyse three different privacy\ud systems that can be used in the different stages of this lifecycle. One of them is the\ud Audit Logic, recently introduced, which can be used to keep data private when it\ud travels across enterprise boundaries. We conclude with an analysis of the features\ud and shortcomings of these systems

An Audit Logic for Accountability

We describe and implement a policy language. In our system, agents can distribute data along with usage policies in a decentralized architecture. Our language supports the specification of conditions and obligations, and also the possibility to refine policies. In our framework, the compliance with usage policies is not actively enforced. However, agents are accountable for their actions, and may be audited by an authority requiring justifications.Comment: To appear in Proceedings of IEEE Policy 200

Using the event calculus for tracking the normative state of contracts

In this work, we have been principally concerned with the representation of contracts so that their normative state may be tracked in an automated fashion over their deployment lifetime. The normative state of a contract, at a particular time, is the aggregation of instances of normative relations that hold between contract parties at that time, plus the current values of contract variables. The effects of contract events on the normative state of a contract are specified using an XML formalisation of the Event Calculus, called ecXML. We use an example mail service agreement from the domain of web services to ground the discussion of our work. We give a characterisation of the agreement according to the normative concepts of: obligation, power and permission, and show how the ecXML representation may be used to track the state of the agreement, according to a narrative of contract events. We also give a description of a state tracking architecture, and a contract deployment tool, both of which have been implemented in the course of our work.

Towards access control for visual Web model management

2004-2005 > Academic research: refereed > Refereed conference paperVersion of RecordPublishe

Collaborative Privacy Policy Authoring in a Social Networking Context.

Recent years have seen a significant increase in the popularity of social networking services. These online services enable users to construct groups of contacts, referred to as friends, with which they can share digital content and communicate. This sharing is actively encouraged by the social networking services, with users privacy often seen as a secondary concern. In this paper we first propose a privacy-aware social networking service and then introduce a collaborative approach to authoring privacy policies for the service. In addressing user privacy, our approach takes into account the needs of all parties affected by the disclosure of information and digital content. © 2010 Crown

An Access Control Model for Tree Data Structure

International audienceTrees are very often used to structure data. For instance, file systems are structured into trees and XML documents can be represented by trees. There are literally as many access control schemes as there are tree data structures. Consequently, an access control model which has been defined for a particular kind of tree cannot be easily adapted to another kind of tree. In this paper, we propose an access control model for generic tree data structures. This model can then be applied to any specific typed tree data structure