Automated trust negotiation in identity federations using OWL-based abduction of missing credentials

1 Author(s)
Kuba, M. ; Inst. of Comput. Sci., Masaryk Univ., Brno, Czech Republic

Creating ontologies and writing access control policies have one thing in common: much of the work goes into precise definitions such as "who is a full-time student" and into answering hard questions such as "Are unpaid teachers employees?". Ontologies written in OWL and SWRL are therefore a good match for access control policies. Research in this area has, however, always assumed that the semantic information about a user is readily available. That assumption holds only in a centralized system, not in the decentralized systems enabled by the recent formation of identity federations, in which an organization can authenticate users from other organizations and make authorization decisions about access to its resources based on user information those organizations provide. For security and privacy reasons, not all available information about a user can be released to everyone; it must be released strictly on a need-to-know basis. In today's federated systems the user information is selected and released all at once at the moment of authentication, which may be inadequate when that information is consumed by rich ontology-based access control policies. This paper proposes a novel method for releasing semantic information between organizations in an identity federation, based on automated trust negotiation between the releasing Identity Provider and the consuming Service Provider. In the negotiation, the Service Provider gradually asks for more and more information about the user until an authorization decision can be made. The paper also proposes an algorithm for detecting which information needed for a decision is missing from an OWL2 ontology.
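The negotiation described in the abstract can be modelled in a few dozen lines: the Service Provider evaluates its policy with three-valued logic (granted, denied, undecided), abduces which user attributes are still unknown and could decide the outcome, and requests them from the Identity Provider one at a time; the Identity Provider releases each attribute only if its own release policy permits it for that Service Provider. The following is an added example written for this page, not code from the paper or its author. It stands in for the paper's OWL2/SWRL machinery with plain propositional Horn clauses, and the policy rules, attribute names, Service Provider identifiers and user record are all constructed assumptions.

```python
"""Attribute-by-attribute trust negotiation between an Identity Provider (IdP)
and a Service Provider (SP).  Constructed example: the policy, the release
policy and the user record below are made up for illustration."""

# SP access policy as Horn clauses: a head holds if ALL literals of at least
# one body hold.  A leading "!" negates a literal.  (Stand-in for OWL2/SWRL.)
SP_POLICY = {
    "access_granted": [["employee"], ["full_time_student"]],
    "employee": [["has_contract", "!unpaid"]],
    "full_time_student": [["enrolled", "credits_ge_30"]],
}

# IdP release policy: which SP identifiers may learn which attribute.
IDP_RELEASE_POLICY = {
    "enrolled": {"library-sp", "lab-sp"},
    "credits_ge_30": {"library-sp"},
    "has_contract": {"lab-sp"},
    "unpaid": {"lab-sp"},
}

# The IdP's full user record; it is never shipped to the SP wholesale.
IDP_USER_ATTRS = {
    "enrolled": True, "credits_ge_30": True, "has_contract": True, "unpaid": True,
}


def idp_release(sp_id, attr):
    """IdP side: return the attribute value, or None when policy forbids it."""
    if sp_id in IDP_RELEASE_POLICY.get(attr, set()):
        return IDP_USER_ATTRS[attr]
    return None


def evaluate(goal, facts, refused, policy=SP_POLICY):
    """Three-valued backward chaining over the SP policy.

    Returns (value, missing): value is True/False, or None when the decision
    cannot yet be made; missing is the set of leaf attributes that are still
    unknown and could still change the outcome.  This is the simplified,
    propositional form of "abducing the missing credentials".
    """
    if goal not in policy:                          # leaf attribute
        v = facts.get(goal)
        return (v, set()) if v is not None else (None, {goal})
    any_unknown, missing = False, set()
    for body in policy[goal]:
        body_val, body_missing = True, set()
        for lit in body:
            neg = lit.startswith("!")
            name = lit[1:] if neg else lit
            if name in refused:
                # An attribute the IdP refuses to release is unprovable in
                # BOTH polarities; never let "!unpaid" succeed just because
                # "unpaid" was withheld.
                v, m = False, set()
            else:
                v, m = evaluate(name, facts, refused, policy)
                if neg and v is not None:
                    v = not v
            if v is False:
                body_val = False
                break
            if v is None:
                body_val = None
                body_missing |= m
        if body_val is True:
            return True, set()
        if body_val is None:
            any_unknown = True
            missing |= body_missing
    return (None, missing) if any_unknown else (False, set())


def negotiate(sp_id, goal="access_granted"):
    """SP side: ask for one missing attribute at a time until the policy is
    decided.  Returns (decision, attributes the IdP actually released)."""
    facts, refused, released = {}, set(), []
    while True:
        value, missing = evaluate(goal, facts, refused)
        if value is not None:
            return value, released
        # Deterministic choice for the example; a real SP could rank candidate
        # attributes by sensitivity so the least private one is asked first.
        attr = sorted(missing)[0]
        v = idp_release(sp_id, attr)
        if v is None:
            refused.add(attr)
        else:
            facts[attr] = v
            released.append(attr)


if __name__ == "__main__":
    for sp in ("library-sp", "lab-sp", "guest-sp"):
        print(sp, negotiate(sp))
```

Running this, the library SP is granted access after learning only `credits_ge_30` and `enrolled`, so the employment attributes never leave the IdP; the lab SP is denied after learning `has_contract` and `unpaid` (the negated literal fails), and the guest SP is denied without receiving anything. Compare this with the release-everything-at-authentication model the abstract criticises, where all four attributes would have been sent to each SP regardless of which rule actually decided the request.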

Published in:

2011 International Conference for Internet Technology and Secured Transactions (ICITST)

Date of Conference:

11-14 Dec. 2011