Meta-Data for Enterprise-Wide Security Administration

The paper gives an overview on the meta-data specification for administrating and enforcing enterprisewide security for heterogeneous and distributed information systems. The meta-data serves as a basis to maintain enterprise-wide security information centrally, to integrate isolated security specifications, to keep the consistency between different security policies, and to perform access controls. The meta-data specifies all the information necessary for retaining the security concepts of an interoperable environment as well as all corresponding security information. Since several security systems have to be integrated within an interoperable environment the meta-data also contains the specification of mappings between security concepts and concrete security information. 1. Introduction Within large enterprises the increasing quantity of information systems significantly burdens the proper interoperation and cooperation of the participating systems. Since new types of information sy..

Secure Mediation: Requirements and Design

In this paper we discuss the security requirements for mediation, and present our approach towards satisfying them, with an emphasis on confidentiality and authenticity. Furthermore we outline the design of the basic security mechanisms for mediators. Our basic approach suitably combines the concepts of credentials, for authentic authorization with some kind of anonymity, and of asymmetric encryption, for confidentiality, and it can be extended to include additional mechanisms like digital signatures and fingerprints. Additionally it adopts the model of role based security policies because of its application orientation and of its potentials to integrate and unify various policies