Databases Reference
a set of properties of the certificate's holder (e.g., identity, accreditation, or
authorizations). Access control models, by exploiting digital certificates for
granting or denying access to resources, make access decisions on the basis of
a set of properties that the requester should have. The final user can prove that
she has such properties by providing one or more digital certificates [22, 23, 24,
25, 26].
The development and effective use of credential-based access control models
require, however, tackling several problems related to credential management
and disclosure strategies, delegation and revocation of credentials, and
establishment of credential chains [27, 28, 29, 30]. In particular, when
developing an access control system based on credentials, the following issues
need to be carefully considered [22].
Ontologies. Since there is a variety of security attributes and requirements
that may need to be considered, it is important to guarantee that different
parties will be able to understand each other, by defining a set of common
languages, dictionaries, and ontologies.

Client-side and server-side restrictions. Since parties may act as either a
client or a server, access control rules need to be defined both client-side
and server-side.

Credential-based access control rules. New access control languages
supporting credentials need to be developed. These languages should be both
expressive (to define different kinds of policies) and simple (to facilitate
policy definition).

Access control evaluation outcome. The resource requester may not be
aware of the attributes she needs to gain access to the requested resource.
As a consequence, access control mechanisms should not simply return a
permit or deny answer, but should be able to ask the final user for the
needed credentials to access the resource.

Trust negotiation strategies. Due to the large number of possible alternative
credentials that would enable an access request, a server cannot formulate
a request for all these credentials, since the client may not be willing to
release the whole set of her credentials. On the other hand, the server
should not disclose too much of the underlying security policy, since it
may contain sensitive information.
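
The last two issues can be made concrete with a small sketch, added here as an illustration and not taken from the original text or from any of the cited proposals. The evaluator answers permit, deny, or a request for missing credentials, and it names only credentials from policy alternatives that are safe to disclose. All names (Credential, Alternative, evaluate, negotiate, the issuers and credential types) are assumptions, and certificate verification is reduced to a trusted-issuer check.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Credential:              # constructed stand-in for a verified digital certificate
    ctype: str
    issuer: str

@dataclass(frozen=True)
class Alternative:             # one conjunction of credential types that grants access
    required: frozenset
    disclosable: bool = True   # False: naming it would leak sensitive policy

TRUSTED_ISSUERS = {"MedicalBoard", "HospitalCA"}   # assumed trust anchors

# Constructed sample policy: two alternative ways to read a medical record.
POLICY = [
    Alternative(frozenset({"physician_license", "hospital_employee"})),
    Alternative(frozenset({"court_warrant"}), disclosable=False),
]

def evaluate(policy, presented):
    """Return ("permit", set()), ("request", missing) or ("deny", set())."""
    held = {c.ctype for c in presented if c.issuer in TRUSTED_ISSUERS}
    best = None
    for alt in policy:
        missing = alt.required - held
        if not missing:
            return ("permit", set())
        # Name only credentials from disclosable alternatives, and prefer
        # the alternative that asks the client for the least.
        if alt.disclosable and (best is None or len(missing) < len(best)):
            best = missing
    return ("request", set(best)) if best is not None else ("deny", set())

def negotiate(policy, wallet, willing):
    """Client side: release only requested credentials it is willing to show."""
    presented = []
    while True:
        outcome, missing = evaluate(policy, presented)
        if outcome != "request":
            return outcome, presented
        release = [c for c in wallet if c.ctype in missing
                   and c.ctype in willing and c not in presented]
        if {c.ctype for c in release} != missing:   # lacking, withheld or rejected
            return "deny", presented
        presented.extend(release)
```

The client never sees the court_warrant alternative, and it releases nothing beyond what the server asked for in each round.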
In the following, we briefly describe some proposals that have been developed
for trust negotiation and for regulating service access in open environments.
3.1 Overview of Trust Negotiation Strategies
As previously noted, since the interacting parties may be unknown to each
other, the resource requester may not be aware of the credentials necessary
for gaining access privileges. Consequently, during the access control process,