Carnegie Mellon University
Browse
- No file added yet -

Enforcing Context-Sensitive Policies in Collaborative Business Environments

journal contribution
posted on 2007-01-01, 00:00 authored by Alberto Sardinha, Jinghai Rao, Norman Sadeh
As enterprises seek to engage in increasingly rich and agile forms of collaboration, they are turning towards service-oriented architectures that enable them to selectively expose different levels of functionality to both existing and prospective business partners. This includes enforcing access control policies whose elements are tied to changing contractual relationships or to information obtained from external sources (e.g. ratings, credit worthiness, export restrictions, etc.). To ensure maximum openness, we argue that such sources of contextual information should themselves be represented as web services that can be identified and accessed on the fly, as required to enforce relevant policies. We propose an architecture for enforcing contextsensitive access control policies in which sources of information can be annotated with rich semantic profiles. This includes a meta-control architecture for dynamically orchestrating policy reasoning together with the identification and access of external sources of information required to enforce policies. We show that this architecture can be implemented as an extension to XACML’s PIP and context handler functionality. We proceed to show that our architecture extends to a broader class of corporate and regulatory policies. The paper also presents computational experiments aimed at evaluating the scalability of our architecture.

History

Publisher Statement

All Rights Reserved

Date

2007-01-01

Usage metrics

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC