Structuring the Scope: Enabling Adaptive and Multilateral Authorization Management

Bojan Suzic; Andreas Reiter; Alexander Marsalek

doi:10.1109/CNS.2017.8228700

Structuring the Scope: Enabling Adaptive and Multilateral Authorization Management

Bojan Suzic, Andreas Reiter, Alexander Marsalek

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

n this work, we examine an access scope, a concept in authorization management broadly applied for the specification of access constraints in web service integrations. By analyzing a typical use-case of cross-organizational cloud service automation, we show the suboptimal capabilities of static, coarse-grained and inflexible scopes that negatively impact security and management of service integrations on a web scale. Using the graph-based structure that relies on semantic technologies we introduce dereferenceable and self-descriptive authorization extents that allow expressive, granular and dynamic specification of security requirements. Through its application in the running scenario, we show how this construct can be administered to support confidentiality, integrity and privacy requirements of service integrations by allowing selective information sharing based on contextual properties.

Original language	English
Title of host publication	2017 IEEE Conference on Communications and Network Security (CNS)
Place of Publication	Las Vegas
Publisher	IEEE Press
Pages	522-530
Number of pages	9
DOIs	https://doi.org/10.1109/CNS.2017.8228700
Publication status	Published - Oct 2017
Event	IEEE Conference on Communications and Network Security: IEEE CNS 2017 - Las Vegas, United States Duration: 9 Oct 2017 → 11 Oct 2017

Conference

Conference	IEEE Conference on Communications and Network Security
Abbreviated title	IEEE CNS 2017
Country/Territory	United States
City	Las Vegas
Period	9/10/17 → 11/10/17

Keywords

web api
oauth
authorization management
web security
security policies

Access to Document

10.1109/CNS.2017.8228700

PID4962265-finFinal published version, 1.68 MBLicence: Other

1 Finished
1 Active

A-SIT - Secure Information Technology Center Austria
Stranacher, K., Dominikus, S., Leitold, H., Marsalek, A., Teufl, P., Bauer, W., Aigner, M. J., Rössler, T., Neuherz, E., Dietrich, K., Zefferer, T., Mangard, S., Payer, U., Orthacker, C., Lipp, P., Reiter, A., Knall, T., Bratko, H., Bonato, M., Suzic, B., Zwattendorfer, B., Kreuzhuber, S., Oswald, M. E., Tauber, A., Posch, R., Bratko, D., Feichtner, J., Ivkovic, M., Reimair, F., Wolkerstorfer, J. & Scheibelhofer, K.
21/05/99 → 6/08/20
Project: Research area
SUNFISH - SUNFISH- Secure information sharing in federated heterogeneous private clouds
Reiter, A., Marsalek, A., Suzic, B., Posch, R., Leitold, H. & Reimair, F.
1/01/15 → 31/12/17
Project: Research project

Structuring the Scope: Enabling Adaptive and Multilateral Authorization Management
Bojan Suzic (Speaker), Andreas Reiter (Contributor) & Alexander Marsalek (Contributor)
Oct 2017
Activity: Talk or presentation › Talk at conference or symposium › Science to science

Cite this

@inproceedings{0d0f3a8c3eaf4fc1ba022b07c68e2fb3,

title = "Structuring the Scope: Enabling Adaptive and Multilateral Authorization Management",

abstract = "n this work, we examine an access scope, a concept in authorization management broadly applied for the specification of access constraints in web service integrations. By analyzing a typical use-case of cross-organizational cloud service automation, we show the suboptimal capabilities of static, coarse-grained and inflexible scopes that negatively impact security and management of service integrations on a web scale. Using the graph-based structure that relies on semantic technologies we introduce dereferenceable and self-descriptive authorization extents that allow expressive, granular and dynamic specification of security requirements. Through its application in the running scenario, we show how this construct can be administered to support confidentiality, integrity and privacy requirements of service integrations by allowing selective information sharing based on contextual properties.",

keywords = "web api, oauth, authorization management, web security, security policies",

author = "Bojan Suzic and Andreas Reiter and Alexander Marsalek",

year = "2017",

month = oct,

doi = "10.1109/CNS.2017.8228700",

language = "English",

pages = "522--530",

booktitle = "2017 IEEE Conference on Communications and Network Security (CNS)",

publisher = "IEEE Press",

note = "IEEE Conference on Communications and Network Security : IEEE CNS 2017, IEEE CNS 2017 ; Conference date: 09-10-2017 Through 11-10-2017",

}

TY - GEN

T1 - Structuring the Scope: Enabling Adaptive and Multilateral Authorization Management

AU - Suzic, Bojan

AU - Reiter, Andreas

AU - Marsalek, Alexander

PY - 2017/10

Y1 - 2017/10

N2 - n this work, we examine an access scope, a concept in authorization management broadly applied for the specification of access constraints in web service integrations. By analyzing a typical use-case of cross-organizational cloud service automation, we show the suboptimal capabilities of static, coarse-grained and inflexible scopes that negatively impact security and management of service integrations on a web scale. Using the graph-based structure that relies on semantic technologies we introduce dereferenceable and self-descriptive authorization extents that allow expressive, granular and dynamic specification of security requirements. Through its application in the running scenario, we show how this construct can be administered to support confidentiality, integrity and privacy requirements of service integrations by allowing selective information sharing based on contextual properties.

AB - n this work, we examine an access scope, a concept in authorization management broadly applied for the specification of access constraints in web service integrations. By analyzing a typical use-case of cross-organizational cloud service automation, we show the suboptimal capabilities of static, coarse-grained and inflexible scopes that negatively impact security and management of service integrations on a web scale. Using the graph-based structure that relies on semantic technologies we introduce dereferenceable and self-descriptive authorization extents that allow expressive, granular and dynamic specification of security requirements. Through its application in the running scenario, we show how this construct can be administered to support confidentiality, integrity and privacy requirements of service integrations by allowing selective information sharing based on contextual properties.

KW - web api

KW - oauth

KW - authorization management

KW - web security

KW - security policies

U2 - 10.1109/CNS.2017.8228700

DO - 10.1109/CNS.2017.8228700

M3 - Conference paper

SP - 522

EP - 530

BT - 2017 IEEE Conference on Communications and Network Security (CNS)

PB - IEEE Press

CY - Las Vegas

T2 - IEEE Conference on Communications and Network Security

Y2 - 9 October 2017 through 11 October 2017

ER -

Structuring the Scope: Enabling Adaptive and Multilateral Authorization Management

Abstract

Conference

Keywords

Access to Document

Fingerprint

Projects

A-SIT - Secure Information Technology Center Austria

SUNFISH - SUNFISH- Secure information sharing in federated heterogeneous private clouds

Activities

Structuring the Scope: Enabling Adaptive and Multilateral Authorization Management

Cite this