10.1184/R1/6622109.v1
Alberto Sardinha
Alberto
Sardinha
Jinghai Rao
Jinghai
Rao
Norman Sadeh
Norman
Sadeh
Enforcing Context-Sensitive Policies in Collaborative Business Environments
Carnegie Mellon University
2007
Software Research
2007-01-01 00:00:00
Journal contribution
https://kilthub.cmu.edu/articles/journal_contribution/Enforcing_Context-Sensitive_Policies_in_Collaborative_Business_Environments/6622109
As enterprises seek to engage in increasingly rich
and agile forms of collaboration, they are turning
towards service-oriented architectures that enable
them to selectively expose different levels of
functionality to both existing and prospective
business partners. This includes enforcing access
control policies whose elements are tied to changing
contractual relationships or to information obtained
from external sources (e.g. ratings, credit worthiness,
export restrictions, etc.). To ensure maximum
openness, we argue that such sources of contextual
information should themselves be represented as web
services that can be identified and accessed on the
fly, as required to enforce relevant policies. We
propose an architecture for enforcing contextsensitive
access control policies in which sources of
information can be annotated with rich semantic
profiles. This includes a meta-control architecture for
dynamically orchestrating policy reasoning together
with the identification and access of external sources
of information required to enforce policies. We show
that this architecture can be implemented as an
extension to XACML’s PIP and context handler
functionality. We proceed to show that our
architecture extends to a broader class of corporate
and regulatory policies. The paper also presents
computational experiments aimed at evaluating the
scalability of our architecture.