Usage control governs the handling of sensitive data after it has been given away. The enforcement of usage control requirements is a challenge because the service requester in general has no control over the service provider's information processing devices. We analyze applicable trust models, conclude that observation-based enforcement is often more appropriate than enforcement by direct control over the service provider's actions, and present a logical architecture that blends both forms of enforcement with the business logics of serviceoriented architectures. © Springer-Verlag Berlin Heidelberg 2007.
Usage Control in Service-Oriented Architectures
Massacci, Fabio;
2007-01-01
Abstract
Usage control governs the handling of sensitive data after it has been given away. The enforcement of usage control requirements is a challenge because the service requester in general has no control over the service provider's information processing devices. We analyze applicable trust models, conclude that observation-based enforcement is often more appropriate than enforcement by direct control over the service provider's actions, and present a logical architecture that blends both forms of enforcement with the business logics of serviceoriented architectures. © Springer-Verlag Berlin Heidelberg 2007.File in questo prodotto:
Non ci sono file associati a questo prodotto.
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione
