Role-based access control for information federations in the industrial service sector

18th European Conference on Information Systems, ECIS 2010

Volumn , Issue , 2010, Pages

  Kunz, Steffen ^a   Evdokimov, Sergei ^a   Fabian, Benjamin ^a   Stieger, Bernd ^b   Strembeck, Mark ^c  

^a HUMBOLDT UNIVERSITY   (Germany)

^b ABB CORPORATE RESEARCH   (Germany)

^c VIENNA UNIVERSITY OF ECONOMICS AND BUSINESS   (Austria)

Author keywords

Industrial services; Information federation; Information security; Role based access control

Indexed keywords

AUTHORIZATION DECISION; AUTOMATION TECHNOLOGY; BUSINESS SECTOR; COMMERCIAL PRODUCTS; EXTENSIBLE ACCESS CONTROL MARKUP LANGUAGES; HARDWARE PRODUCTS; INDUSTRIAL SERVICES; INFORMATION FEDERATION; INFORMATION SHARING; INTEGRITY REQUIREMENTS; MULTIPLE STAKEHOLDERS; RBAC POLICY; ROLE-BASED ACCESS CONTROL; SECURITY ARCHITECTURE; SERVICE ORIENTED; XACML POLICIES;

INFORMATION ANALYSIS; INFORMATION SYSTEMS; SECURITY OF DATA;

INDUSTRY;

EID: 84870642884     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (27)

1. Aletheia (2009). Aletheia Project Web Site. URL: http://www.aletheia- projekt.de/.
2. Ameri, F. and Dutta, D. (2005). Product Lifecycle Management: Closing the Knowledge Loops. Computer-Aided Design and Applications, 2 (5), 577-590.
3. Anderson, A. (2005). Core and Hierarchical Role Based Access Control (RBAC) Profile of XACML v2.0. OASIS Standard. http://www.oasis-open.org.
4. Bacon, J., Moody, K., and Yao, W. (2003). Access Control and Trust in the Use of Widely Distributed Services. Software: Practice and Experience (SP&E), 33 (4).
5. Belokosztolszki, A., Eyers, D.M., and Moody, K. (2003a). Policy Contexts: Controlling Information Flow in Parameterized RBAC. In Proc. of the 4th International Workshop on Policies for Distributed Systems and Networks.
6. Belokosztolszki, A., Eyers, D.M., Pietzuch, P.R., Bacon, J., and Moody, K. (2003b). Role-Based Access Control for Publish/Subscribe Middleware Architectures. In Proc. of the International Workshop on Distributed Event-Based Systems.
7. BPMN (2009). Business Process Model and Notation (BPMN) 2.0. URL: http://www.omg.org/spec/BPMN/2.0 Business Process Model and Notation (BPMN) Specification 2.0.
8. Cohen, E., Thomas, R.K., Winsborough, W., and Shands, D. (2002). Models for Coalition-based Access Control (CBAC). In Proc. of the 7th ACM Symposium on Access Control Models and Technologies.
9. Coyne, E.J. and Davis, J.M. (2008). Role Engineering for Enterprise Security Management. Artech House.
10. Dekker, M.A.C., Crampton, J., and Etalle, S. (2008). RBAC Administration in Distributed Systems. Proc. of the 13th ACM Symposium on Access Control Models and Technologies.
11. Eisenhardt, K.M. (1989) Building Theories from Case Study Research. Academy of Management Review 14 (4), 532-550.
12. Evdokimov, S., Fabian, B., Kunz, S. (2009). Challenges for Access Control in Knowledge Federations, In: Proc. International Conference on Knowledge Management and Information Sharing (KMIS 2009), Madeira, Portugal.
13. Ferraiolo, D.F. and Kuhn, D.R. (1992). Role-Based Access Controls. In Proc. of the 15th National Computer Security Conference, 554-563.
14. Frey, J.H. and Oishi, S.M. (1995). How to Conduct Interviews by Telephone and in Person. SAGE Publications, Thousand Oaks.
15. Li, N., Wang, Q., Qardaji, W., Bertino, E., Rao, P., Lobo, J., and Lin, D. (2009). Access Control Policy Combining: Theory Meets Practice. In Proc. of the 14th ACM Symposium on Access Control Models and Technologies.
16. Mazzoleni, P., Crispo, B., Sivasubramanian, S., and Bertino, E. (2008). XACML Policy Integration Algorithms. ACM Transactions on Information and System Security 11 (1), 1-29.
17. Mendling, J., Strembeck, M., Stermsek, G., and Neumann, G. (2004). An Approach to Extract RBAC Models from BPEL4WS Processes. In Proc. of the 13th IEEE International Workshops on Enabling Technologies: Infrastructures for Collaborative Enterprises, Modena, Italy.
18. Moses, T. (2005). eXtensible Access Control Markup Language (XACML) Version 2.0. OASIS Standard. http://www.oasis-open.org.
19. Neumann, G. and Strembeck, M. (2002). A Scenario-driven Role Engineering Process for Functional RBAC Roles. In Proc. of 7th ACM Symposium on Access Control Models and Technologies.
20. OASIS (2006). Web Services Security: SOAP Message Security 1.1 (WS-Security), OASIS Standard Specification. http://docs.oasis-open.org/wss/v1. 1/.
21. Pietzuch, P.R. and Bacon, J.M. (2002). Hermes: A Distributed Event-Based Middleware Architecture. In Proc. of the International Workshop on Distributed Event-Based Systems (DEBS).
22. Reddivari, P., Finin, T., and Joshi, A. (2007). Policy-Based Access Control for an RDF Store. In Proc. of the IJCAI-07 Workshop on Semantic Web for Collaborative Knowledge Acquisition.
23. Sandhu, R.S., Coyne, E.J., Feinstein, H.L., and Youman, C.E. (1996). Role-Based Access Control Models. IEEE Computer, 29 (2).
24. Strembeck, M. and Neumann, G. (2004). An Integrated Approach to Engineer and Enforce Context Constraints in RBAC Environments. ACM Transactions on Information and System Security, 7 (3).
25. Strembeck, M. (2005). A Role Engineering Tool for Role-Based Access Control. In Proc. of the 3rd Symposium on Requirements Engineering for Information Security.
26. Wauer, M., Schuster, D., Meinecke, J., Janke, T., and Schill, A. (2009). Aletheia - Towards a Distributed Architecture for Semantic Federation of Comprehensive Product Information; IADIS International Conference WWW/Internet.
27. Yin, R.K. (2003). Case Study Research: Design and Methods, 3rd ed., Sage Publications, Beverly Hills, CA.