Interactive credential negotiation for stateful business processes

Lecture Notes in Computer Science

Volumn 3477, Issue , 2005, Pages 256-272

  Koshutanski, Hristo ^a   Massacci, Fabio ^a  

^a UNIVERSITY OF TRENTO   (Italy)

Author keywords

[No Author keywords available]

Indexed keywords

ALGORITHMS; ELECTRONIC COMMERCE; RESEARCH; SERVERS; SOCIETIES AND INSTITUTIONS; WORLD WIDE WEB;

BUSINESS PROCESSES; TRUST MANAGEMENT; WEB SERVICES;

FINANCIAL DATA PROCESSING;

EID: 24944574536     PISSN: 03029743     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1007/11429760_18     Document Type: Conference Paper

References (18)

1. Yu, T., Winslett, M., Seamons, K.E.: Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation. ACM Transactions on Information and System Security (TISSEC) 6 (2003) 1-42
2. Bonatti, P., Samarati, P.: A unified framework for regulating access and information release on the web. Journal of Computer Security 10 (2002) 241-272
3. Koshutanski, H., Massacci, F.: Interactive access control for Web Services. In: Proceedings of the 19th IFIP Information Security Conference (SEC 2004), Toulouse, France, Kluwer Press (2004) 151-166
4. Bertino, E., Ferrari, E., Atluri, V.: The specification and enforcement of authorization constraints in workflow management systems. ACM Transactions on Information and System Security (TISSEC) 2 (1999) 65-104
5. Apt, K.: Logic programming. In van Leeuwen, J., ed.: Handbook of Theoretical Computer Science. Elsevier (1990)
6. De Capitani di Vimercati, S., Samarati, P.: Access control: Policies, models, and mechanism. In Focardi, R., Gorrieri, F., eds.: Foundations of Security Analysis and Design - Tutorial Lectures. Volume 2171 of LNCS. Springer Verlag Press (2001)
7. Koshutanski, H., Massacci, F.: Interactive access control for stateful web services business processes. Technical Report DIT-05-002, Department of Information and Communication Technology, University of Trento (2005)
8. Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM TISSEC 4 (2001) 224-274
9. Park, J., Sandhu, R.: Towards usage control models: beyond traditional access control. In: Seventh ACM SACMAT, ACM Press (2002) 57-64
10. Giuri, L.: Role-based access control on the web. ACM Transactions on Information and System Security (TISSEC) 4 (2001) 37-71
11. Park, J.S., Sandhu, R.: RBAC on the Web by smart certificates. In: Proceedings of the fourth ACM workshop on Role-based access control, ACM Press (1999) 1-9
12. Joshi, J.B.D., Aref, W.G., Ghafoor, A., Spafford, E.H.: Security models for web-based applications. Communications of the ACM 44 (2001) 38-44
13. Roscheisen, M., Winograd, T.: A communication agreement framework for access/action control. In: Proceedings of the Symposium on Security and Privacy, IEEE Press (1996) 154-163
14. Li, N., Grosof, B.N., Feigenbaum, J.: Delegation logic: A logic-based approach to distributed authorization. ACM Transactions on Information and System Security (TISSEC) 6 (2003) 128-171
15. Jajodia, S., Samarati, P., Subrahmanian, V.S., Bertino, E.: A unified framework for enforcing multiple access control policies. In: Proceedings of the 1997 ACM SIGMOD conference on Management of data, ACM Press (1997) 474-485
16. Wijesekera, D., Jajodia, S.: Policy algebras for access control the predicate case. In: Proceedings of the 9th ACM conference on Computer and Communications Security, ACM Press (2002) 171-180
17. Koshutanski, H., Massacci, F.: An access control framework for business processes for Web services. In: Proceedings of the 2003 ACM workshop on XML security, Fairfax, VA, ACM Press (2003) 15-24
18. Koshutanski, H., Massacci, F.: An interactive trust management and negotiation scheme. In: Proceedings of the 2nd International Workshop on Formal Aspects in Security and Trust (FAST), Toulouse, France, Kluwer Press (2004) 139-152