Structuring the Scope: Enabling Adaptive and Multilateral Authorization Management

Bojan Suzic; Andreas Reiter; Alexander Marsalek

doi:10.1109/CNS.2017.8228700

Structuring the Scope: Enabling Adaptive and Multilateral Authorization Management

Bojan Suzic, Andreas Reiter, Alexander Marsalek

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Abstract

n this work, we examine an access scope, a concept in authorization management broadly applied for the specification of access constraints in web service integrations. By analyzing a typical use-case of cross-organizational cloud service automation, we show the suboptimal capabilities of static, coarse-grained and inflexible scopes that negatively impact security and management of service integrations on a web scale. Using the graph-based structure that relies on semantic technologies we introduce dereferenceable and self-descriptive authorization extents that allow expressive, granular and dynamic specification of security requirements. Through its application in the running scenario, we show how this construct can be administered to support confidentiality, integrity and privacy requirements of service integrations by allowing selective information sharing based on contextual properties.

Originalsprache	englisch
Titel	2017 IEEE Conference on Communications and Network Security (CNS)
Erscheinungsort	Las Vegas
Herausgeber (Verlag)	IEEE Press
Seiten	522-530
Seitenumfang	9
DOIs	https://doi.org/10.1109/CNS.2017.8228700
Publikationsstatus	Veröffentlicht - Okt. 2017
Veranstaltung	IEEE Conference on Communications and Network Security - Dauer: 9 Okt. 2017 → 11 Okt. 2017

Konferenz

Konferenz	IEEE Conference on Communications and Network Security
Kurztitel	IEEE CNS 2017
Zeitraum	9/10/17 → 11/10/17

Zugriff auf Dokument

10.1109/CNS.2017.8228700

PID4962265-finEndgültige, publizierte Fassung, 1,68 MBLizenz: Andere

1 Abgeschlossen
1 Laufend

A-SIT - Zentrum für sichere Informationstechnologie Austria
Stranacher, K., Dominikus, S., Leitold, H., Marsalek, A., Teufl, P., Bauer, W., Aigner, M. J., Rössler, T., Neuherz, E., Dietrich, K., Zefferer, T., Mangard, S., Payer, U., Orthacker, C., Lipp, P., Reiter, A., Knall, T., Bratko, H., Bonato, M., Suzic, B., Zwattendorfer, B., Kreuzhuber, S., Oswald, M. E., Tauber, A., Posch, R., Bratko, D., Feichtner, J., Ivkovic, M., Reimair, F., Wolkerstorfer, J. & Scheibelhofer, K.
21/05/99 → 6/08/20
Projekt: Arbeitsgebiet
SUNFISH - SUNFISH- Sicheres Teilen von Information in föderierten und hetorgenen privaten Clouds
Reiter, A., Marsalek, A., Suzic, B., Posch, R., Leitold, H. & Reimair, F.
1/01/15 → 31/12/17
Projekt: Foschungsprojekt

Structuring the Scope: Enabling Adaptive and Multilateral Authorization Management
Bojan Suzic (Redner/in), Andreas Reiter (Beitragende/r) & Alexander Marsalek (Beitragende/r)
Okt. 2017
Aktivität: Vortrag oder Präsentation › Vortrag bei Konferenz oder Fachtagung › Science to science

Dieses zitieren

@inproceedings{0d0f3a8c3eaf4fc1ba022b07c68e2fb3,

title = "Structuring the Scope: Enabling Adaptive and Multilateral Authorization Management",

abstract = "n this work, we examine an access scope, a concept in authorization management broadly applied for the specification of access constraints in web service integrations. By analyzing a typical use-case of cross-organizational cloud service automation, we show the suboptimal capabilities of static, coarse-grained and inflexible scopes that negatively impact security and management of service integrations on a web scale. Using the graph-based structure that relies on semantic technologies we introduce dereferenceable and self-descriptive authorization extents that allow expressive, granular and dynamic specification of security requirements. Through its application in the running scenario, we show how this construct can be administered to support confidentiality, integrity and privacy requirements of service integrations by allowing selective information sharing based on contextual properties.",

keywords = "web api, oauth, authorization management, web security, security policies",

author = "Bojan Suzic and Andreas Reiter and Alexander Marsalek",

year = "2017",

month = oct,

doi = "10.1109/CNS.2017.8228700",

language = "English",

pages = "522--530",

booktitle = "2017 IEEE Conference on Communications and Network Security (CNS)",

publisher = "IEEE Press",

note = "IEEE Conference on Communications and Network Security, IEEE CNS 2017 ; Conference date: 09-10-2017 Through 11-10-2017",

}

TY - GEN

T1 - Structuring the Scope: Enabling Adaptive and Multilateral Authorization Management

AU - Suzic, Bojan

AU - Reiter, Andreas

AU - Marsalek, Alexander

PY - 2017/10

Y1 - 2017/10

N2 - n this work, we examine an access scope, a concept in authorization management broadly applied for the specification of access constraints in web service integrations. By analyzing a typical use-case of cross-organizational cloud service automation, we show the suboptimal capabilities of static, coarse-grained and inflexible scopes that negatively impact security and management of service integrations on a web scale. Using the graph-based structure that relies on semantic technologies we introduce dereferenceable and self-descriptive authorization extents that allow expressive, granular and dynamic specification of security requirements. Through its application in the running scenario, we show how this construct can be administered to support confidentiality, integrity and privacy requirements of service integrations by allowing selective information sharing based on contextual properties.

AB - n this work, we examine an access scope, a concept in authorization management broadly applied for the specification of access constraints in web service integrations. By analyzing a typical use-case of cross-organizational cloud service automation, we show the suboptimal capabilities of static, coarse-grained and inflexible scopes that negatively impact security and management of service integrations on a web scale. Using the graph-based structure that relies on semantic technologies we introduce dereferenceable and self-descriptive authorization extents that allow expressive, granular and dynamic specification of security requirements. Through its application in the running scenario, we show how this construct can be administered to support confidentiality, integrity and privacy requirements of service integrations by allowing selective information sharing based on contextual properties.

KW - web api

KW - oauth

KW - authorization management

KW - web security

KW - security policies

U2 - 10.1109/CNS.2017.8228700

DO - 10.1109/CNS.2017.8228700

M3 - Conference paper

SP - 522

EP - 530

BT - 2017 IEEE Conference on Communications and Network Security (CNS)

PB - IEEE Press

CY - Las Vegas

T2 - IEEE Conference on Communications and Network Security

Y2 - 9 October 2017 through 11 October 2017

ER -

Structuring the Scope: Enabling Adaptive and Multilateral Authorization Management

Abstract

Konferenz

Zugriff auf Dokument

Fingerprint

Projekte

A-SIT - Zentrum für sichere Informationstechnologie Austria

SUNFISH - SUNFISH- Sicheres Teilen von Information in föderierten und hetorgenen privaten Clouds

Aktivitäten

Structuring the Scope: Enabling Adaptive and Multilateral Authorization Management

Dieses zitieren