Autonomic Communication is a new paradigm for dynamic network integration. An Autonomic Network crosses organizational and management boundaries and is provided by entities that see each other just as business partners. Policy-based network access and management already requires a paradigm shift in the access control mechanism: from identity-based access control to trust management and negotiation, but this is not enough for cross organizational autonomic communication. For many services no autonomic communication partner may guess a priori what will be sent by clients and clients may not know a priori what credentials are demanded for completing a service requiring the orchestration of many different autonomic nodes. To solve this problem we propose to use interactive access control for autonomic communication: servers should be able to get back to clients asking for missing credentials, whereas the latter may decide to supply or decline requested credentials and so on until a final decision is made. This proposal is grounded in a formal model on policy-based access control using abduction. We identify the key algorithm for interactive access and show its correctness. The Web Services-based implementation that we have developed is also sketched.
Interactive Access Control in Autonomic Communication / Koshutanski, Hristo; Massacci, Fabio. - ELETTRONICO. - (2004).
Interactive Access Control in Autonomic Communication
Koshutanski, Hristo;Massacci, Fabio
2004-01-01
Abstract
Autonomic Communication is a new paradigm for dynamic network integration. An Autonomic Network crosses organizational and management boundaries and is provided by entities that see each other just as business partners. Policy-based network access and management already requires a paradigm shift in the access control mechanism: from identity-based access control to trust management and negotiation, but this is not enough for cross organizational autonomic communication. For many services no autonomic communication partner may guess a priori what will be sent by clients and clients may not know a priori what credentials are demanded for completing a service requiring the orchestration of many different autonomic nodes. To solve this problem we propose to use interactive access control for autonomic communication: servers should be able to get back to clients asking for missing credentials, whereas the latter may decide to supply or decline requested credentials and so on until a final decision is made. This proposal is grounded in a formal model on policy-based access control using abduction. We identify the key algorithm for interactive access and show its correctness. The Web Services-based implementation that we have developed is also sketched.| File | Dimensione | Formato | |
|---|---|---|---|
|
094.pdf
accesso aperto
Tipologia:
Versione editoriale (Publisher’s layout)
Licenza:
Tutti i diritti riservati (All rights reserved)
Dimensione
947.38 kB
Formato
Adobe PDF
|
947.38 kB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione
