Abstract
In a federated system, it is not uncommon for a user profile registered to a particular system to contain enough attributes to request services from that system, while other attributes are missing from that profile when services are requested from another system. The problem is that currently, when a change in user attributes happens, it is very difficult for the federation to incorporate the changes in order to resolve the conflict of attributes and maintain the consistency of user attributes between different systems. Current ready-to-deploy systems such as Liberty Alliance, Microsoft Windows CardSpace (formerly InfoCard) and Shibboleth do not address this issue efficiently. In general, consistency issues of user attributes in a federated system can be considered via a two-dimensional view: consistency between member systems (horizontal consistency) and consistency between the federation and a local system (vertical consistency). In this paper, we discuss the issue of horizontal consistency to achieve better interoperability and finer granularity for access control decisions in a federated system by analysing the two approaches to achieving consistency of user attributes: attribute synchronisation and delegation.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Pham, Q., McCullagh, A., Dawson, E. (2007). Consistency of User Attribute in Federated Systems. In: Lambrinoudakis, C., Pernul, G., Tjoa, A.M. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2007. Lecture Notes in Computer Science, vol 4657. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74409-2_19
DOI: https://doi.org/10.1007/978-3-540-74409-2_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74408-5
Online ISBN: 978-3-540-74409-2
eBook Packages: Computer Science, Computer Science (R0)