Structuring the Scope: Enabling Adaptive and Multilateral Authorization Management

Bojan Suzic, Andreas Reiter, Alexander Marsalek

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

n this work, we examine an access scope, a concept in authorization management broadly applied for the specification of access constraints in web service integrations. By analyzing a typical use-case of cross-organizational cloud service automation, we show the suboptimal capabilities of static, coarse-grained and inflexible scopes that negatively impact security and management of service integrations on a web scale. Using the graph-based structure that relies on semantic technologies we introduce dereferenceable and self-descriptive authorization extents that allow expressive, granular and dynamic specification of security requirements. Through its application in the running scenario, we show how this construct can be administered to support confidentiality, integrity and privacy requirements of service integrations by allowing selective information sharing based on contextual properties.
Original languageEnglish
Title of host publication2017 IEEE Conference on Communications and Network Security (CNS)
Place of PublicationLas Vegas
PublisherIEEE Press
Pages522-530
Number of pages9
DOIs
Publication statusPublished - Oct 2017
EventIEEE Conference on Communications and Network Security -
Duration: 9 Oct 201711 Oct 2017

Conference

ConferenceIEEE Conference on Communications and Network Security
Abbreviated titleIEEE CNS 2017
Period9/10/1711/10/17

Keywords

  • web api
  • oauth
  • authorization management
  • web security
  • security policies

Fingerprint Dive into the research topics of 'Structuring the Scope: Enabling Adaptive and Multilateral Authorization Management'. Together they form a unique fingerprint.

Cite this