
A Distributed Authorization Infrastructure with Consideration of Data Protection Aspects

  • MAIN ARTICLE
Informatik-Spektrum

Abstract

Traditional methods of privilege assignment (authorization) and access control are only of limited suitability for meeting the requirements for managing user privileges and enforcing a security policy in scalable, highly flexible distributed systems. Better suited are security infrastructures, more precisely AAIs (authentication and authorization infrastructures) and PMIs (privilege management infrastructures), which are able to offer comprehensive security services in a federation of systems from different domains. This article presents a privacy-oriented AAI in the eGovernment setting that comprises attribute-based access control, an XACML security architecture for its implementation, and particular attention to data protection aspects in the disclosure of user attributes.



Author information


Correspondence to Stefan Dürbeck.


About this article

Cite this article

Dürbeck, S., Kolter, J., Pernul, G. et al. Eine verteilte Autorisierungsinfrastruktur unter Berücksichtigung von Datenschutzaspekten. Informatik Spektrum 34, 265–275 (2011). https://doi.org/10.1007/s00287-009-0411-0


  • DOI: https://doi.org/10.1007/s00287-009-0411-0
