Flexible Resolution of Authorisation Conflicts in Distributed Systems

Flexible Resolution of Authorisation Conflicts in Distributed System

D-FOAF: Distributed Identity Management with Access Rights Delegation

WWW provides a large number of services, which often require identification of it¿s users. This has lead to the fact that today users have to maintain a large number of different credentials for different websites - distributed or shared identification system are not widely deployed. Furthermore current authorisation systems requires strict centralisation of the authorisation procedure - users themselves are usually not enabled to authorise their trusted friends to access services, although often this would be beneficial for services and businesses on the Web. In this article we present D-FOAF, a distributed identity management system which deploys social networks. We show how information inherent in social networks can be utilised to provide community driven access rights delegation and we analyse algorithms for managing distributed identity, authorisation and access rights checking. Finally we show how the social networking information can be protected in a distributed environment.peer-reviewe

New directions in access control

Access control is the process of mediating every request to resources and data maintained by a system and determining whether the request should be granted or denied. Traditionally, the access control process is based on a simple paradigm with basic functionalities (e.g., simple authorization tuples), the access control rules are under the control of a single party, and relying on user's authentication. The emerging open-based scenarios make inapplicable traditional assumptions. In this paper we illustrate recent proposals and ongoing work addressing access control. in emerging applications and new scenarios