Semantic Access Control - TERENA · 2004-10-12 · Semantic Access Control Mariemma Yagüe, Antonio...

Semantic Access Control
Mariemma Yagüe, Antonio Maña
Computer Science Department
University of Málaga
e-mail: [email protected]

Agenda
• Introduction
• SAC, Semantic Access Control Model
• Semantic Integration of a PMI
• Example
• Implementation
• Conclusions
• Future Work

Traditional Access Control Schemes
DAC, Discretionary Access Control
– Multi-user DBs
  • Reduced number of previously known users.
  • Changes are not frequent.
  • Resources under a unique entity.
– Control based on identity.
  • Rules stating what a user can do or not.

Traditional Access Control Schemes
MAC, Mandatory Access Control
– Military environments
  • High number of users
  • Linear and Static Hierarchical classification.
– Control based on Security Levels.
  • Rules established by a central authority.
  • Definition of Security Levels
  • Allocation of levels to resources and users

Traditional Access Control Schemes
RBAC, Role-based Access Control
– Business. Corporate Intranets.
  • Hierarchical structures.
  • Access Permissions depending on the user position (role) in the hierarchy.
– Control based on roles played
  • Rules establishing permissions of access to roles.
  • Allocation of roles to users.

Open and Distributed Environments
• Heterogeneity
  • Open Access Control Scheme
• Interoperability
  • Separation of the Responsibilities of Authorization and Access Control
• Flexibility
  • Independence of the Application Domain
• Scalability
  • Completely Distributed Scheme
• Dynamism
  • Adaptation transparently and automatically

Agenda
• Introduction
• SAC, Semantic Access Control Model
  – Semantic Policy Language
• Semantic Integration of a PMI
• Example
• Implementation
• Conclusions
• Future Work

Basis for a New AC Model
Semantic Integration of Authorization and Access Control Applications
Separation of responsibilities of Authorization and Access Control is widely accepted as a Flexible and Interoperable Solution
[Figure labels: Semantic Modelling; Access Control; Authorization Entities; Semantic Connection]

SAC, Semantic Access Control
PROVIDES
• Schema based on the concept of attribute
• Access based on semantics
• No ambiguity in policies
• Semantic Correctness
• Dynamic Allocation of Policies
• Modularization
• Parameterization
• Reuse
AVOIDS
• Mandatory Previous Subscription
• Mandatory Identification
• Previous Establishment of Elements for the support of access control
  – Users Hierarchy
  – Roles
  – Groups
  – Security Classification
  – ...

Mechanisms in SPL, Semantic Policy Language
• To reduce the complexity of defining AC policies: Modularity, Parameterisation and Abstraction.
• Modularity in SPL implies:
  – The separation of specification in three parts:
    • access control criteria
    • allocation of policies to resources
    • semantic information (properties about resources and context)
  – The abstraction of access control components
  – The ability to reuse these access control components

Mechanisms in SPL
• Access Control Criteria Specification (Policy): used to describe necessary conditions to get the access; they can be composed.
• Policy Applicability Specification (PAS): used to relate policies to objects dynamically when a request is received.
• Secured Resource Representation (SRR): used to describe semantic information about resources.
• SPL Policy and PAS can be parameterised:
  – This helps define flexible and general policies and reduces the number of different policies to manage.
  – Parameters are dynamically instantiated from semantic and contextual information.
• Policies can be composed by importing components of other policies without ambiguity.
  – Modular composition of policies based on the XPath standard.

Metadata in SPL
• Metadata applied at different levels:
  – Semantic and contextual validation of access control policies.
  – Dynamic policy allocation and instantiation.
  – Creation of policies
    • For the specification and acquisition of certification rules
  – Management of policies
    • Any change in the authorization rules or the context is detected and the consequences are revealed.

SAC, Semantic Access Control
• Attribute Certificate Based Approach.
• Supported by XML related technologies for metadata.
• Modular Language.
• Policy Composition.
• Parameterised Policies.
• Content-aware access control (content introspection).
• Means for the semantic integration of an external PMI.
  – Authorization becomes interoperable.

Semantic Integration of a PMI
Authentication
– Personal Identity
– Who am I dealing with?
– PUBLIC KEY INFRASTRUCTURE
  • PKI: Certification Authority (CA)
  • Certifies only identity
Authorization
– Role, status, … socio-economic attributes
– Is she a student of Málaga University? Is the client an adult?
– PRIVILEGE MANAGEMENT INFRASTRUCTURE
  • PMI: Source of Authorization (SOA)
  • Certifies a set of semantically related attributes
Solution: Attribute Certificates

Semantic Integration of a PMI
SOAD Model (Source of Authorization Description)
• Describes the semantics of the certificates issued by the SOA.
• Describes relationships among the certificates
  • and between attributes certified by this SOA and other sources of authorization.
• Helps in the specification of access criteria.
• Enables the semantic validation.

Example: ACS DL
• Various Special Interest Groups (SIGs)
• ACS members can be members of the different SIGs; this is not mandatory.
• ACS publishes journals and newsletters, directly or through the SIGs.
• Newsletters can be accessed by the ACS members and also by people subscribed to them (ACS members or not).
• Journals can be accessed by users subscribed to them, regardless of whether they are members of the ACS or not.
• If the journal is published by a Special Interest Group, all the members of that group can access that journal.
• A special subscription type called Portal grants access to every publication in the digital library.

Example
[Figure: Role Hierarchy for the ACS Digital Library. Node labels: a, p, s1, s2, j1, j2, j3, ..., jn, n1, n2, n3, ..., nn]
• A role for each journal
• A role for each newsletter
• SIG1 members can play j2 and j3 roles
• A role for portal
• A role for ACS
• Role structure must be predefined

Policy for Journals
<?xml version="1.0" encoding="UTF-8"?>
<Policy … xsi:schemaLocation="http://www.lcc.uma.es/SAC Policy.xsd">
  <Parameter>PublicationName</Parameter>
  <Parameter>PublicationSOA</Parameter>
  <AccessRules>
    <AccessRule>
      <AttributeSet AttributeSetDescription="Suscripción a una publicación" AttributeSetName="Suscripcion">
        <Attribute Equivalence="Enabled">
          <AttributeName>Subscription</AttributeName>
          <AttributeValue>*PublicationName</AttributeValue>
          <SOA_ID>*PublicationSOA</SOA_ID>
        </Attribute>
      </AttributeSet>
    </AccessRule>
  </AccessRules>
</Policy>
Instantiated from the journal SRR

Allocation of Policy to Resources
<?xml version="1.0" encoding="UTF-8"?>
<spl:PAS xmlns:spl="http://www.lcc.uma.es/SAC"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.lcc.uma.es/SAC pas.xsd">
  <spl:Policy>Journal.xml</spl:Policy>
  <spl:Object>
    <spl:ObjectLocation>http://www.acs.org/</spl:ObjectLocation>
    <spl:Conditions>
      <spl:Condition>
        <spl:PropertyName>PublicationType</spl:PropertyName>
        <spl:PropertyValue>Journal</spl:PropertyValue>
      </spl:Condition>
    </spl:Conditions>
  </spl:Object>
</spl:PAS>
Allocation of policy for journals (Journal.xml) to the ACS journals

Description of TOSEC journals
<?xml version="1.0" encoding="UTF-8"?>
<SRR …xsi:schemaLocation="http://www.lcc.uma.es/SAC SRR.xsd" >
  <Property>
    <PropertyName>PublicationName</PropertyName>
    <PropertyValue>TOSEC</PropertyValue>
  </Property>
  <Property>
    <PropertyName>PublicationSOA</PropertyName>
    <PropertyValue>SIGSEC</PropertyValue>
  </Property>
  <Property>
    <PropertyName>PublicationType</PropertyName>
    <PropertyValue>Journal</PropertyValue>
  </Property>
  <Resource>http://www.acs.org/Journals/TOSEC/</Resource>
</SRR>
Properties for the Instantiation

Policy for the TOSEC journal
<?xml version="1.0" encoding="UTF-8"?>
<Policy …xsi:schemaLocation="http://www.lcc.uma.es/SAC Policy.xsd">
  <AccessRules>
    <AccessRule>
      <AttributeSet AttributeSetDescription="Suscripción a una publicación" AttributeSetName="Suscripcion">
        <Attribute Equivalence="Enabled">
          <AttributeName>Subscription</AttributeName>
          <AttributeValue>TOSEC</AttributeValue>
          <SOA_ID>SIGSEC</SOA_ID>
        </Attribute>
      </AttributeSet>
    </AccessRule>
  </AccessRules>
</Policy>
Dynamically instantiated policy
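
The instantiation step shown on the last four slides, as an added Python example (not code from the presentation or from the SAC implementation): the PAS selects the Journal policy for a resource from its SRR properties, and the policy's parameters are then filled from the same SRR. The function names, the prefix match on ObjectLocation and the fail-closed handling of unresolved parameters are assumptions of this example.

```python
import xml.etree.ElementTree as ET

SPL = "{http://www.lcc.uma.es/SAC}"  # namespace of the PAS document

# Constructed inputs: the slides' documents without the elided ("…") attributes.
POLICY = """<Policy>
  <Parameter>PublicationName</Parameter>
  <Parameter>PublicationSOA</Parameter>
  <AccessRules><AccessRule><AttributeSet AttributeSetName="Suscripcion">
    <Attribute Equivalence="Enabled">
      <AttributeName>Subscription</AttributeName>
      <AttributeValue>*PublicationName</AttributeValue>
      <SOA_ID>*PublicationSOA</SOA_ID>
    </Attribute>
  </AttributeSet></AccessRule></AccessRules>
</Policy>"""
PAS = """<spl:PAS xmlns:spl="http://www.lcc.uma.es/SAC">
  <spl:Policy>Journal.xml</spl:Policy>
  <spl:Object>
    <spl:ObjectLocation>http://www.acs.org/</spl:ObjectLocation>
    <spl:Conditions><spl:Condition>
      <spl:PropertyName>PublicationType</spl:PropertyName>
      <spl:PropertyValue>Journal</spl:PropertyValue>
    </spl:Condition></spl:Conditions>
  </spl:Object>
</spl:PAS>"""
SRR = """<SRR>
  <Property><PropertyName>PublicationName</PropertyName>
    <PropertyValue>TOSEC</PropertyValue></Property>
  <Property><PropertyName>PublicationSOA</PropertyName>
    <PropertyValue>SIGSEC</PropertyValue></Property>
  <Property><PropertyName>PublicationType</PropertyName>
    <PropertyValue>Journal</PropertyValue></Property>
  <Resource>http://www.acs.org/Journals/TOSEC/</Resource>
</SRR>"""


def srr_properties(srr_xml):
    """Return (resource URL, {property name: value}) described by an SRR."""
    root = ET.fromstring(srr_xml)
    props = {p.findtext("PropertyName"): p.findtext("PropertyValue")
             for p in root.iter("Property")}
    return root.findtext("Resource"), props


def pas_applies(pas_xml, resource, props):
    """True if the resource is under the PAS location and meets every condition.
    Prefix matching on ObjectLocation is an assumption of this example."""
    obj = ET.fromstring(pas_xml).find(SPL + "Object")
    if not resource.startswith(obj.findtext(SPL + "ObjectLocation")):
        return False
    return all(props.get(c.findtext(SPL + "PropertyName"))
               == c.findtext(SPL + "PropertyValue")
               for c in obj.iter(SPL + "Condition"))


def instantiate(policy_xml, props):
    """Resolve each *Parameter reference from the SRR properties and return the
    required (name, value, SOA) triples. An unresolved reference raises, so a
    literal "*PublicationName" can never end up as the value to match."""
    root = ET.fromstring(policy_xml)
    declared = {p.text for p in root.findall("Parameter")}
    for el in root.iter():
        text = (el.text or "").strip()
        if text.startswith("*"):
            name = text[1:]
            if name not in declared or name not in props:
                raise ValueError("unresolved policy parameter: " + name)
            el.text = props[name]
    return [(a.findtext("AttributeName"), a.findtext("AttributeValue"),
             a.findtext("SOA_ID")) for a in root.iter("Attribute")]
```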

Semantics of the Attributes
<SOAD …xsi:noNamespaceSchemaLocation="SOAD.xsd"
      ValidFrom="2002-01-01T00:00:01" ValidUntil="2004-01-01T00:00:01">
  <SOA_ID>SIGSEC</SOA_ID>
  <ACDeclarations>
    <SOAAttribute>
      <AttributeName>SIGMember</AttributeName>
      <AttributeValue>SIGSEC</AttributeValue>
    </SOAAttribute>
    <SOAAttribute>
      <AttributeName>Subscription</AttributeName>
      <AttributeValue>SIGSECNewsLetter</AttributeValue>
    </SOAAttribute>
    <SOAAttribute>
      <AttributeName>Subscription</AttributeName>
      <AttributeValue>TOSEC</AttributeValue>
    </SOAAttribute>
  </ACDeclarations>
SOAD of the Interest Group on Security

Semantics of the Attributes
  <ACRelations>
    <SOARule>
      <AttributeSet>
        <SOAAttribute>
          <AttributeName>SIGMember</AttributeName>
          <AttributeValue>SIGSEC</AttributeValue>
        </SOAAttribute>
      </AttributeSet>
      <Relation>Implies</Relation>
      <AttributeSet>
        <SOAAttribute>
          <AttributeName>Subscription</AttributeName>
          <AttributeValue>SIGSECNewsLetter</AttributeValue>
        </SOAAttribute>
        <SOAAttribute>
          <AttributeName>Subscription</AttributeName>
          <AttributeValue>TOSEC</AttributeValue>
        </SOAAttribute>
      </AttributeSet>
    </SOARule>
  </ACRelations>
</SOAD>
To be a member of the SIG on Security, SIGSEC, implies the subscription to the SIGSEC newsletters and to the TOSEC journal
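
How the SOAD's Implies rule can feed an access decision, as an added Python example (not code from the presentation or from the SAC implementation). It assumes that attribute certificates have already been verified, that an expired or inconsistent SOAD contributes no implications, and that rules apply only to attributes certified by the SOA the SOAD describes; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed from the two SOAD slides, without the elided ("…") attributes.
SOAD = """<SOAD ValidFrom="2002-01-01T00:00:01" ValidUntil="2004-01-01T00:00:01">
  <SOA_ID>SIGSEC</SOA_ID>
  <ACDeclarations>
    <SOAAttribute><AttributeName>SIGMember</AttributeName>
      <AttributeValue>SIGSEC</AttributeValue></SOAAttribute>
    <SOAAttribute><AttributeName>Subscription</AttributeName>
      <AttributeValue>SIGSECNewsLetter</AttributeValue></SOAAttribute>
    <SOAAttribute><AttributeName>Subscription</AttributeName>
      <AttributeValue>TOSEC</AttributeValue></SOAAttribute>
  </ACDeclarations>
  <ACRelations><SOARule>
    <AttributeSet><SOAAttribute><AttributeName>SIGMember</AttributeName>
      <AttributeValue>SIGSEC</AttributeValue></SOAAttribute></AttributeSet>
    <Relation>Implies</Relation>
    <AttributeSet>
      <SOAAttribute><AttributeName>Subscription</AttributeName>
        <AttributeValue>SIGSECNewsLetter</AttributeValue></SOAAttribute>
      <SOAAttribute><AttributeName>Subscription</AttributeName>
        <AttributeValue>TOSEC</AttributeValue></SOAAttribute>
    </AttributeSet>
  </SOARule></ACRelations>
</SOAD>"""


def attr_set(node):
    # Set of (name, value) pairs for every SOAAttribute below node.
    return {(a.findtext("AttributeName"), a.findtext("AttributeValue"))
            for a in node.iter("SOAAttribute")}


def load_soad(soad_xml, now):
    """Parse a SOAD; reject it outside its validity window or if a rule
    mentions an attribute the SOA never declared (semantic validation)."""
    root = ET.fromstring(soad_xml)
    start = datetime.fromisoformat(root.get("ValidFrom"))
    end = datetime.fromisoformat(root.get("ValidUntil"))
    if not start <= now <= end:
        raise ValueError("SOAD not valid at " + now.isoformat())
    declared = attr_set(root.find("ACDeclarations"))
    rules = []
    for rule in root.iter("SOARule"):
        if rule.findtext("Relation") != "Implies":
            continue  # only the relation shown on the slide is modelled
        premise, conclusion = (attr_set(s) for s in rule.findall("AttributeSet"))
        if not (premise | conclusion) <= declared:
            raise ValueError("rule uses an undeclared attribute")
        rules.append((premise, conclusion))
    return root.findtext("SOA_ID"), rules


def permits(required, certified, soad_xml, now):
    """required: (name, value, soa_id) from the instantiated policy.
    certified: set of (name, value, soa_id) from verified attribute certificates.
    A directly certified attribute still matches when the SOAD is unusable."""
    name, value, soa_id = required
    try:
        soad_id, rules = load_soad(soad_xml, now)
    except ValueError:
        soad_id, rules = None, []   # fail closed: no implied attributes
    held = {(n, v) for n, v, s in certified if s == soa_id}
    changed = soad_id == soa_id     # use rules only for the SOA they describe
    while changed:                  # fixed point over the Implies rules
        changed = False
        for premise, conclusion in rules:
            if premise <= held and not conclusion <= held:
                held |= conclusion
                changed = True
    return (name, value) in held
```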

Example Conclusions
• The RBAC model has problems adapting to changes.
  – Administrative overload.
• Not every problem is easily modelled using RBAC.
• The SAC model makes it possible to express complex access control situations in a more natural and simple way.
  – Simple, generic, reusable, dynamically instantiated specifications.
• The semantic integration of external authorization entities provides additional advantages to SAC.

Agenda
• Introduction
• SAC, Semantic Access Control Model
• Semantic Integration of a PMI
• Example
• Implementation
  – Management Mechanisms in SAC
  – Integration Mechanism of the PMI
• Conclusions
• Future Work

Administration
• One of the main objectives of the SAC model is the ease of administration.
  – Validation of the semantic and contextual correctness.
  – Reuse of components.
  – Ease of implementation.
  – Administrator Supporting tools.
    • Integrated environment with smart and visual editing, syntactic and semantic validation, control of changes, ...
  – Authorization Management.
    • SOADs Client

Administration
[Screenshot: Environment Window of the Policy Assistant. Pane labels: Results Information; SPL Policies, PAS & SRR; Policy Summary]

Administration
[Screenshots: Context Sensitive Edition; Change Control]

Semantic Integration of PMI
• SOADs Management at the server and client side
  – Publication / Localization
  – History
  – Expiry
  – Editing on the Server and the Client side.

Semantic Integration of a PMI
[Screenshots: SOADs Management System; SOADs Client]

Conclusions
• Semantic Integration of Applications
  – of Authorization and Access Control.
• Access Control Model based on semantics of the contents and the application context.
• High level of Interoperability, Scalability, Flexibility, Adaptability, Applicability.
• Semantic Soundness.
• Ease of Administration.
• Avoids the registration phase.

Future Work
• Delegation
  – To maintain the control over the delegation process.
    • Establish semantics of the delegation.
• DRM
  – Extension of SPL to express rights over digital contents.
  – Inclusion of new DRM functions in the XSCD infrastructure.
• Application of SAC to new environments.

Semantic Access Control
Presented by: Mariemma Yagüe
Computer Science Department
University of Málaga
e-mail: [email protected]
Thank you for your attention ;-)