Authorisation using Attributes from Multiple Authorities
D.W. Chadwick
In Proceedings of Workshops on Enabling Technologies (WET-ICE 2006), pages 182-196, June 2006. Winner of Best Paper Award.
Abstract
As attribute-based authorisation infrastructures such as XACML gain in popularity, linking together user attributes from multiple attribute authorities (AAs) is becoming a pressing problem. Current models and mechanisms do not support this linking, primarily because the user is known by different names in the different AAs. Furthermore, linking the attributes together poses a potential risk to the user's privacy. This paper provides a model and protocol elements for linking AAs, service providers and user attributes together, under the sole control of the user, thereby maintaining the user's privacy. The paper also shows how the model and protocol elements can be implemented using existing technologies, namely relational databases or LDAP directories, and the SAML protocol.
Bibtex Record
@inproceedings{2412,
  author = {Chadwick, D.W.},
  title = {Authorisation using {A}ttributes from {M}ultiple {A}uthorities},
  month = {June},
  year = {2006},
  pages = {182-196},
  keywords = {determinacy analysis, Craig interpolants},
  note = {Winner of Best Paper Award},
  doi = {},
  url = {http://www.cs.kent.ac.uk/pubs/2006/2412},
  publication_type = {inproceedings},
  submission_id = {10198_1155646759},
  booktitle = {Proceedings of Workshops on Enabling Technologies (WET-ICE 2006)},
}