Structuring the Scope: Enabling Adaptive and Multilateral Authorization Management

Bojan Suzic, Andreas Reiter, Alexander Marsalek

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Research › peer-review

Abstract

In this work, we examine an access scope, a concept in authorization management broadly applied for the specification of access constraints in web service integrations. By analyzing a typical use-case of cross-organizational cloud service automation, we show the suboptimal capabilities of static, coarse-grained and inflexible scopes that negatively impact security and management of service integrations on a web scale. Using the graph-based structure that relies on semantic technologies, we introduce dereferenceable and self-descriptive authorization extents that allow expressive, granular and dynamic specification of security requirements. Through its application in the running scenario, we show how this construct can be administered to support confidentiality, integrity and privacy requirements of service integrations by allowing selective information sharing based on contextual properties.
Original language: English
Title of host publication: 2017 IEEE Conference on Communications and Network Security (CNS)
Place of Publication: Las Vegas
Publisher: IEEE Press
Pages: 522-530
Number of pages: 9
DOI: https://doi.org/10.1109/CNS.2017.8228700
Publication status: Published - Oct 2017
Event: IEEE Conference on Communications and Network Security
Duration: 9 Oct 2017 to 11 Oct 2017

Conference

Conference: IEEE Conference on Communications and Network Security
Abbreviated title: IEEE CNS 2017
Period: 9/10/17 to 11/10/17

Fingerprint

Specifications
Web services
Automation
Semantics

Keywords

  • web api
  • oauth
  • authorization management
  • web security
  • security policies

Cite this

Suzic, B., Reiter, A., & Marsalek, A. (2017). Structuring the Scope: Enabling Adaptive and Multilateral Authorization Management. In 2017 IEEE Conference on Communications and Network Security (CNS) (pp. 522-530). Las Vegas: IEEE Press. https://doi.org/10.1109/CNS.2017.8228700
