Zusammenfassung
Traditionelle Verfahren der Rechtezuweisung (Autorisierung) und Zugriffskontrolle sind nur eingeschränkt geeignet, die Anforderungen an das Management der Nutzerprivilegien und an die Durchsetzung einer Sicherheitsstrategie in skalierbaren und hoch flexiblen verteilten Systemen umzusetzen. Dafür besser geeignet sind Sicherheitsinfrastrukturen, genauer AAIs – authentication and authorization infrastructures – und PMIs – privilege management infrastructures – die in der Lage sind, umfassende Sicherheitsdienstleistungen in einer Föderation von Systemen aus unterschiedlichen Domänen anzubieten. Dieser Beitrag enthält die Darstellung einer datenschutzorientierten AAI im Umfeld von eGovernment, die attributbasierte Zugriffskontrolle, eine XACML-Sicherheitsarchitektur zur Umsetzung und eine besondere Berücksichtigung der Datenschutzaspekte bei der Weitergabe der Nutzerattribute beinhaltet.
References
Anderson A (2004) The Relationship Between XACML and P3P Privacy Policies. http://research.sun.com/projects/xacml/XACML_P3P_Relationship.html (Abruf August 2009)
Anderson A (2006) Web Services Profile of XACML (WS-XACML) Version 1.0. OASIS Working Draft 8
Anderson A (2006) Sun Position Paper. W3C Workshop on Languages for Privacy Policy Negotiation and Semantics-Driven Enforcement
Ardagna CA, De Capitani di Vimercati S, Samarati P (2006) Enhancing User Privacy Through Data Handling Policies. Proc. of the 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec 2006), Sophia Antipolis, Frankreich
Bonatti PA, Samarati P (2002) A Uniform Framework for Regulating Service Access and Information Release on the Web. J Comput Secur 10(3):241–271
Casassa Mont M (2006) Towards Scalable Management of Privacy Obligations in Enterprises. Proc. of the Third International Conference on Trust, Privacy, and Security in Digital Business (TrustBus ’06), Krakau, Polen, pp 1–10
Cranor L et al. (2006) The Platform for Privacy Preferences 1.1 (P3P1.1) Specification. W3C Working Group Note
Cranor L, Langheinrich M, Marchiori M (2002) A P3P Preference Exchange Language 1.0 (APPEL 1.0). World Wide Web Consortium Working Draft
Dürbeck S, Schillinger R, Kolter J (2007) Security Requirements for a Semantic Service-oriented Architecture. Proc. of the 2nd International Conference on Availability, Reliability and Security (ARES ’07), Wien, Österreich
Earp JB, Baumer D (2003) Innovative Web Use to Learn About Consumer Behavior and Online Privacy. Commun ACM 46(4):81–83
European Union (1995) Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal of the European Communities No L 281/31, October 1995
European Union (2006) Directive 2006/123/EC of the European Parliament and of the Council of 12 December 2006 on services in the internal market. Official Journal of the European Union No L 376/36, December 2006
Hansen M, Krasemann H (2005) Privacy and Identity Management for Europe – PRIME White Paper. PRIME deliverable D15.1.d, http://www.prime-project.eu.org/whitepaper/ (Abruf September 2005)
Hommel W (2005) Using XACML for Privacy Control in SAML-Based Identity Federations. IFIP International Federation for Information Processing CMS 2005 LNCS 3677, pp 160–169
Klischewski R, Ukena S, Wozniak D (2006) User Requirements Analysis & Development/Test Recommendation. Access-eGov deliverable D2.2, http://www.accessegov.org/ (Abruf September 2009)
Kolter J, Schillinger R, Pernul G (2007) Building a Distributed Semantic-aware Security Architecture. Proc. 22nd Int. Information Security Conference (SEC2007), Sandton, South Africa
Kolter J, Schillinger R, Pernul G (2007) A Privacy-enhanced Attribute-based Access Control System. 2007. Proc. of the 21st Annual IFIP WG 11.3 Working Conference on Data and Application Security (DBSec 2007), Redondo Beach, CA, USA
Lopez J, Oppliger R, Pernul G (2004) Authentication and Authorization Infrastructures (AAIs): A Comparative Survey. Comput Secur 23(7):578–590
MacKenzie CM, Laskey K, McCabe F, Brown PF, Metz R (2006) Reference Model for Service Oriented Architecture 1.0. OASIS Standard
Moses T (2005) eXtensible Access Control Markup Language (XACML) Version 2.0. OASIS Standard
Nadalin A et al. (2006) Web Services Security: SOAP Message Security 1.1, http://docs.oasis-open.org/wss/v1.1/ (Abruf Januar 2010)
Priebe T, Dobmeier W, Kamprath N (2006) Supporting Attribute-based Access Control with Ontologies. Proc. of the 1st International Conference on Availability, Reliability and Security (ARES ’06), pp 465–472. Los Alamitos, CA, USA, IEEE Computer Society
Priebe T, Dobmeier W, Muschall B, Pernul G (2005) ABAC – Ein Referenzmodell für attributbasierte Zugriffskontrolle. Jahrestagung Fachbereich Sicherheit der Gesellschaft für Informatik (Sicherheit ’05), S 285–296, Universität Regensburg, Deutschland
Thompson M, Johnston W, Mudumbai S, Hoo G, Jackson K, Essiari A (1999) Certificate-based Access Control for Widely Distributed Resources. Proc. of the 8th USENIX Security Symposium, Washington, DC, USA
Tomasek M, Paralic M et al. (2006) Access-eGov Components Functional Descriptions. Access-eGov deliverable D3.2, http://www.accessegov.org/ (Abruf Dezember 2009)
World Wide Web Consortium (2006) Web Services Policy 1.2 – Framework (WS-Policy), http://www.w3.org/Submission/WS-Policy/ (Abruf Januar 2010)
Yuan E, Tong J (2005) Attributed Based Access Control (ABAC) for Web Services. Proc. of the IEEE International Conference on Web Services (ICWS’05), pp 561–569, Washington, DC, USA, IEEE Computer Society
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Dürbeck, S., Kolter, J., Pernul, G. et al. Eine verteilte Autorisierungsinfrastruktur unter Berücksichtigung von Datenschutzaspekten. Informatik Spektrum 34, 265–275 (2011). https://doi.org/10.1007/s00287-009-0411-0
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00287-009-0411-0