UM Mbanaso
Privacy trust access control infrastructure using XACML
Authors: Mbanaso, UM
Contributors: D Chadwick (Supervisor); GS Cooper, G.S.Cooper@salford.ac.uk (Supervisor)
Abstract
The use of personal, sensitive information, such as privileges and attributes, to gain access to
computer resources in distributed environments raises an interesting paradox. On one hand, in
order to make services and resources accessible to legitimate users, an access control
infrastructure requires valid and provable client identities or attributes before it can make
decisions. On the other hand, service clients may not be prepared to disclose their identity
information or attributes to a remote party without first determining whether the service
provider can be trusted with such sensitive information. Moreover, once clients have given out
personal information, they remain unsure of how far it will propagate and how it will be used.
This thesis describes an investigation of privacy-preserving options in access control
infrastructures and proposes a security model to support the management of those options,
based on the eXtensible Access Control Markup Language (XACML) and the Security
Assertion Markup Language (SAML), both of which are OASIS security standards. Existing
access control systems are typically unilateral: the enterprise service provider assigns the
access rights and makes the access control decisions, and there is no negotiation between the
client and the service provider. As access control management systems move towards being
user-centric or federated, unilateral approaches can no longer adequately preserve the client's
privacy, particularly where the communicating parties have no pre-existing trust relationship.
A unified approach that significantly improves privacy and confidentiality protection in
distributed environments was therefore developed: the XACML Trust Management
Authorization Infrastructure (XTMAI), designed to handle privacy and confidentiality
mutually and simultaneously using the Obligation of Trust (OoT) protocol. OoT enables two
or more transaction parties to exchange Notices of Obligation (NoB), i.e. obligating
constraints, together with Signed Acceptances of Obligation (SAO), a proof of acceptance, as
security assurances before any sensitive resources are exchanged.
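The following is an added, illustrative model of the NoB/SAO exchange outlined in the abstract; it is not code from the thesis or from XTMAI. Each side publishes its obligating constraints, checks whether it can honour the peer's constraints, returns a signed acceptance bound to the exact notice it received, and releases its sensitive attributes only after both acceptances verify. The party names, the obligation vocabulary (`purpose`, `retention_days`, `third_party_sharing`) and the sample attributes are constructed for the example, and an HMAC over a shared key stands in for the per-party digital signatures (for instance XML signatures over SAML assertions) a real deployment would use.

```python
"""Toy Obligation of Trust (OoT) handshake: exchange Notices of Obligation (NoB),
return Signed Acceptances of Obligation (SAO), and release sensitive attributes
only once both SAOs verify.  Illustrative code, not the thesis's XTMAI."""
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

# Assumption: one shared key stands in for the per-party signing keys a real
# deployment would use; it only demonstrates that the SAO is bound to a NoB.
SHARED_KEY = b"demo-key-not-for-production"


@dataclass
class Party:
    name: str
    requires: Dict[str, object]                    # obligations we demand of the peer (our NoB)
    accepts: Dict[str, Callable[[object], bool]]   # predicates over obligations we will honour
    secrets: Dict[str, str]                        # attributes released only after the handshake


def canonical(obj) -> bytes:
    """Deterministic encoding so both sides hash the same NoB bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def notice_of_obligations(party: Party) -> dict:
    return {"issuer": party.name, "obligations": party.requires}


def unacceptable(party: Party, nob: dict) -> Optional[str]:
    """Return the first obligation in the peer's NoB this party cannot honour, else None.
    An obligation the party has no rule for is treated as unacceptable (fail closed)."""
    for name, value in nob["obligations"].items():
        check = party.accepts.get(name)
        if check is None or not check(value):
            return name
    return None


def signed_acceptance(party: Party, nob: dict) -> dict:
    """SAO: the acceptor commits to the digest of the exact NoB it received."""
    digest = hashlib.sha256(canonical(nob)).hexdigest()
    mac = hmac.new(SHARED_KEY, f"{party.name}:{digest}".encode(), hashlib.sha256).hexdigest()
    return {"acceptor": party.name, "nob_digest": digest, "mac": mac}


def verify_acceptance(sao: dict, sent_nob: dict, expected_acceptor: str) -> bool:
    """Accept the SAO only if it names the expected peer, covers the NoB we actually
    sent, and carries a valid tag over both."""
    if sao["acceptor"] != expected_acceptor:
        return False
    if sao["nob_digest"] != hashlib.sha256(canonical(sent_nob)).hexdigest():
        return False
    expected = hmac.new(SHARED_KEY, f"{sao['acceptor']}:{sao['nob_digest']}".encode(),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sao["mac"])


def oot_handshake(client: Party, provider: Party, tamper=None) -> Tuple[bool, str, dict]:
    """Run the exchange. Returns (succeeded, reason, released); `released` holds the
    attributes disclosed in each direction and is empty on any abort.  `tamper`
    optionally mangles the provider's SAO in transit to show the failure path."""
    client_nob, provider_nob = notice_of_obligations(client), notice_of_obligations(provider)
    # Step 1: each side decides whether it can honour the other's obligating constraints.
    bad = unacceptable(client, provider_nob)
    if bad:
        return False, f"client cannot honour provider obligation '{bad}'", {}
    bad = unacceptable(provider, client_nob)
    if bad:
        return False, f"provider cannot honour client obligation '{bad}'", {}
    # Step 2: each side signs its acceptance of the peer's NoB.
    client_sao = signed_acceptance(client, provider_nob)
    provider_sao = signed_acceptance(provider, client_nob)
    if tamper:
        provider_sao = tamper(provider_sao)
    # Step 3: verify the peer's SAO against the NoB we sent, before anything sensitive moves.
    if not verify_acceptance(provider_sao, client_nob, provider.name):
        return False, "provider SAO failed verification", {}
    if not verify_acceptance(client_sao, provider_nob, client.name):
        return False, "client SAO failed verification", {}
    # Step 4: only now are the sensitive attributes exchanged.
    return True, "ok", {"to_provider": dict(client.secrets), "to_client": dict(provider.secrets)}


def demo_parties(provider_retention_days: int = 30) -> Tuple[Party, Party]:
    """Constructed sample parties (names, obligations and attributes are invented)."""
    client = Party(
        name="alice",
        requires={"purpose": "billing", "third_party_sharing": False},
        accepts={"purpose": lambda p: p in {"billing", "service"},
                 "retention_days": lambda d: d <= 90,
                 "third_party_sharing": lambda s: s is False},
        secrets={"role": "gold-member", "dob": "1980-01-01"},
    )
    provider = Party(
        name="shop.example",
        requires={"retention_days": provider_retention_days, "purpose": "billing"},
        accepts={"purpose": lambda p: p == "billing",
                 "third_party_sharing": lambda s: s is False},
        secrets={"privacy_certification": "ISO-27001"},
    )
    return client, provider


if __name__ == "__main__":
    print(oot_handshake(*demo_parties()))
    print(oot_handshake(*demo_parties(provider_retention_days=365)))
```

The two abort paths matter more than the success path: a NoB the peer cannot honour stops the exchange before any attribute leaves either side, and an SAO that does not cover the NoB actually sent (here simulated by the `tamper` hook) is rejected even though its tag is well-formed, because acceptance must be bound to the specific obligations, not merely to the peer.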
Citation
Mbanaso, U. Privacy trust access control infrastructure using XACML. (Thesis). Salford : University of Salford
| Thesis Type | Thesis |
|---|---|
| Deposit Date | Oct 3, 2012 |
| Publicly Available Date | Oct 3, 2012 |
| Award Date | Jan 1, 2009 |
Files: 1121953X.pdf (PDF, 17.9 Mb)