9,891 research outputs found
Developing a Framework to Implement Public Key Infrastructure Enabled Security in XML Documents
This paper concentrates on proposing a framework to implement the PKI enables security in XML documents, by defining a common framework and processing rules that can be shared across applications using common tools, avoiding the need for extensive customization of applications to add security. The Framework reuses the concepts, algorithms and core technologies of legacy security systems while introducing changes necessary to support extensible integration with XML. This allows interoperability with a wide range of existing infrastructures and across deployments. Currently no strict security models and mechanisms are available that can provide specification and enforcement of security policies for XML documents. Such models are crucial in order to facilitate a secure dissemination of XML documents, containing information of different sensitivity levels, among (possibly large) user communities
Curating E-Mails; A life-cycle approach to the management and preservation of e-mail messages
E-mail forms the backbone of communications in many modern institutions and organisations and is a valuable type of organisational, cultural, and historical record. Successful management and preservation of valuable e-mail messages and collections is therefore vital if organisational accountability is to be achieved and historical or cultural memory retained for the future. This requires attention by all stakeholders across the entire life-cycle of the e-mail records.
This instalment of the Digital Curation Manual reports on the several issues involved in managing and curating e-mail messages for both current and future use. Although there is no 'one-size-fits-all' solution, this instalment outlines a generic framework for e-mail curation and preservation, provides a summary of current approaches, and addresses the technical, organisational and cultural challenges to successful e-mail management and longer-term curation.
DTD level authorization in XML documents with usage control
[Summary]: In recent years an increasing amount of semi-structured data has become important to humans and programs. XML promoted by the World Wide Web Consortium (W3C) is rapidly emerging as the new standard language for semi-structured data representation and exchange on the Internet. XML documents may contain private information that cannot be shared by all user communities. So securing XML data is becoming increasingly important and several approaches have been designed to protect information in a website. However, these approaches typically are used at file system level, rather than for the data in XML documents. Usage control has been considered as the next generation access control model with distinguishing properties of decision continuity. Usage control enables finer-grained control
over usage of digital objects than that of traditional access control policies and models.
In this paper, we present a usage control model to protect
information distributed on the web, which allows the access
restrictions directly at DTD-level and XML document-level.
Finally, comparisons with related works are analysed
The PERMIS X.509 Based Privilege Management Infrastructure
This document describes the PERMIS X.509 Based Privilege Management Infrastructure, which is a trust management system as described in RFC 2704 [2]. The PERMIS Infrastructure is compared with the AAA Authorisation Framework described in RFC 2904 [4], and is shown to be compatible with it
Authorised Translations of Electronic Documents
A concept is proposed to extend authorised translations of documents to
electronically signed, digital documents. Central element of the solution is an
electronic seal, embodied as an XML data structure, which attests to the
correctness of the translation and the authorisation of the translator. The
seal contains a digital signature binding together original and translated
document, thus enabling forensic inspection and therefore legal security in the
appropriation of the translation. Organisational aspects of possible
implementation variants of electronic authorised translations are discussed and
a realisation as a stand-alone web-service is presented.Comment: In: Peer-reviewed Proceedings of the Information Security South
Africa (ISSA) 2006 From Insight to Foresight Conference, 5 to 7 July 2006,
Sandton, South Afric
3PAC: Enforcing Access Policies for Web Services
Web services fail to deliver on the promise of ubiquitous deployment and seamless interoperability due to the lack of a uniform, standards-based approach to all aspects of security. In particular, the enforcement of access policies in a service oriented architecture is not addressed adequately. We present a novel approach to the distribution and enforcement of credentials-based access policies for Web services (3PAC) which scales well and can be implemented in existing deployments
Security for Grid Services
Grid computing is concerned with the sharing and coordinated use of diverse
resources in distributed "virtual organizations." The dynamic and
multi-institutional nature of these environments introduces challenging
security issues that demand new technical approaches. In particular, one must
deal with diverse local mechanisms, support dynamic creation of services, and
enable dynamic creation of trust domains. We describe how these issues are
addressed in two generations of the Globus Toolkit. First, we review the Globus
Toolkit version 2 (GT2) approach; then, we describe new approaches developed to
support the Globus Toolkit version 3 (GT3) implementation of the Open Grid
Services Architecture, an initiative that is recasting Grid concepts within a
service oriented framework based on Web services. GT3's security implementation
uses Web services security mechanisms for credential exchange and other
purposes, and introduces a tight least-privilege model that avoids the need for
any privileged network service.Comment: 10 pages; 4 figure
A JSON Token-Based Authentication and Access Management Schema for Cloud SaaS Applications
Cloud computing is significantly reshaping the computing industry built
around core concepts such as virtualization, processing power, connectivity and
elasticity to store and share IT resources via a broad network. It has emerged
as the key technology that unleashes the potency of Big Data, Internet of
Things, Mobile and Web Applications, and other related technologies, but it
also comes with its challenges - such as governance, security, and privacy.
This paper is focused on the security and privacy challenges of cloud computing
with specific reference to user authentication and access management for cloud
SaaS applications. The suggested model uses a framework that harnesses the
stateless and secure nature of JWT for client authentication and session
management. Furthermore, authorized access to protected cloud SaaS resources
have been efficiently managed. Accordingly, a Policy Match Gate (PMG) component
and a Policy Activity Monitor (PAM) component have been introduced. In
addition, other subcomponents such as a Policy Validation Unit (PVU) and a
Policy Proxy DB (PPDB) have also been established for optimized service
delivery. A theoretical analysis of the proposed model portrays a system that
is secure, lightweight and highly scalable for improved cloud resource security
and management.Comment: 6 Page
- …