Databases Reference
In-Depth Information
only basic access control capabilities. It lacks the flexibility and sophistication
that many applications need to provide access control decisions based on role
hierarchies or various constraints such as the time of day or separation of
duties.
In the basic Shibboleth, a target site trusts the origin site to authenticate
its users and manages their attributes correctly while the original site trusts
the target site to provide services to its users. Trust is conveyed using digitally
signed SAML messages using target and origin server key pairs. Each site has
only one key pair per Shibboleth system. Thus there is only a single point
of trust per Shibboleth system. Therefore, there is a need for a finer grained
distributed trust model and being able to use multiple origin authorities to
issue and sign the authentication and attribute assertions. Multiple authori-
ties should be able to issue attributes to users and the target site should be
able to verify issuer/user bindings. The target should be able to state, in its
policy, which of the attribute authorities it trusts as well as which attributes
to issue to which groups of users. The target site should be able to decide, in-
dependently of the issuing site which attributes and authorities to trust when
making its access control decisions. Not all attribute issuing authorities need
to be part of the origin site. A target site should be able to allow a user to gain
access to its resources if it has attributes issued by multiple authorities. The
trust infrastructure should support dynamic delegation of authority, so that
a holder of a privilege attribute may delegate (a subset of) this to another
person without having to reconfigure anything in the system. The target site
should be able to decide if it really does trust the origin's attribute repository,
and if not, be able to demand a stronger proof of attribute entitlement than
that conferred by a SAML signature from the sending web server.
Shibboleth defines various trust models. These models have been imple-
mented using X.509. We can look at trust from two different aspects
Distribution of trust in attribute issuing authorities.
•
Trustworthiness of an origin site's attribute repository.
•
Further details of the trust models and their implementations as well as
authorization and privacy issues are discussed in [11].
3 Security and the Semantic Web
3.1 Overview
We first provide an overview of the semantic web and then discuss the secu-
rity issues. This will include a discussion of XML security, RDF (Resource
Description Framework) security and secure information integration, which
are components of the secure semantic web. As more progress is made on
investigating these various issues, we hope that appropriate standards would
be developed for securing the semantic web. Security cannot be considered in
