Policy Language

The Experts below are selected from a list of 117306 Experts worldwide ranked by ideXlab platform

A H Anderson - One of the best experts on this subject based on the ideXlab platform.

  • An introduction to the Web Services Policy Language (WSPL)
    IEEE International Workshop on Policies for Distributed Systems and Networks, 2004
    Co-Authors: A H Anderson
    Abstract:

    The Web Services Policy Language (WSPL) is suitable for specifying a wide range of policies, including authorization, quality-of-service, quality-of-protection, reliable messaging, privacy, and application-specific service options. WSPL is of particular interest in several respects. It supports merging two policies, resulting in a single Policy that satisfies the requirements of both, assuming such a Policy exists. Policies can be based on comparisons other than equality, allowing policies to depend on fine-grained attributes such as time of day, cost, or network subnet address. By using standard data types and functions for expressing Policy parameters, a standard Policy engine can support any Policy. The syntax is a strict subset of the OASIS eXtensible Access Control Markup Language (XACML) Standard. WSPL has been implemented, and is under consideration as a standard Policy Language for use with Web services.

  • Policy - An introduction to the Web Services Policy Language (WSPL)
    Proceedings. Fifth IEEE International Workshop on Policies for Distributed Systems and Networks 2004. POLICY 2004., 2004
    Co-Authors: A H Anderson
    Abstract:

    The Web Services Policy Language (WSPL) is suitable for specifying a wide range of policies, including authorization, quality-of-service, quality-of-protection, reliable messaging, privacy, and application-specific service options. WSPL is of particular interest in several respects. It supports merging two policies, resulting in a single Policy that satisfies the requirements of both, assuming such a Policy exists. Policies can be based on comparisons other than equality, allowing policies to depend on fine-grained attributes such as time of day, cost, or network subnet address. By using standard data types and functions for expressing Policy parameters, a standard Policy engine can support any Policy. The syntax is a strict subset of the OASIS eXtensible Access Control Markup Language (XACML) Standard. WSPL has been implemented, and is under consideration as a standard Policy Language for use with Web services.

Anupam Joshi - One of the best experts on this subject based on the ideXlab platform.

  • A Policy based approach to security for the Semantic Web
    International Semantic Web Conference, 2003
    Co-Authors: Lalana Kagal, Timothy W Finin, Anupam Joshi
    Abstract:

    Along with developing specifications for the description of meta-data and the extraction of information for the Semantic Web, it is important to maximize security in this environment, which is fundamentally dynamic, open and devoid of many of the clues human societies have relied on for security assessment. Our research investigates the marking up of web entities with a semantic Policy Language and the use of distributed Policy management as an alternative to traditional authentication and access control schemes. The Policy Language allows policies to be described in terms of deontic concepts and models speech acts, which allows the dynamic modification of existing policies, decentralized security control and less exhaustive policies. We present a security framework, based on this Policy Language, which addresses security issues for web resources, agents and services in the Semantic Web.

  • A Policy Language for a pervasive computing environment
    IEEE International Workshop on Policies for Distributed Systems and Networks, 2003
    Co-Authors: Lalana Kagal, Timothy W Finin, Anupam Joshi
    Abstract:

    We describe a Policy Language designed for pervasive computing applications that is based on deontic concepts and grounded in a semantic Language. The pervasive computing environments under consideration are those in which people and devices are mobile and use various wireless networking technologies to discover and access services and devices in their vicinity. Such pervasive environments lend themselves to Policy-based security due to their extremely dynamic nature. Using policies allows the security functionality to be modified without changing the implementation of the entities involved. However, along with being extremely dynamic, these environments also tend to span several domains and be made up of entities of varied capabilities. A Policy Language for environments of this sort needs to be very expressive but lightweight and easily extensible. We demonstrate the feasibility of our Policy Language in pervasive environments through a prototype used as part of a secure pervasive system.

  • Policy - A Policy Language for a pervasive computing environment
    Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks, 1
    Co-Authors: Lalana Kagal, Timothy W Finin, Anupam Joshi
    Abstract:

    We describe a Policy Language designed for pervasive computing applications that is based on deontic concepts and grounded in a semantic Language. The pervasive computing environments under consideration are those in which people and devices are mobile and use various wireless networking technologies to discover and access services and devices in their vicinity. Such pervasive environments lend themselves to Policy-based security due to their extremely dynamic nature. Using policies allows the security functionality to be modified without changing the implementation of the entities involved. However, along with being extremely dynamic, these environments also tend to span several domains and be made up of entities of varied capabilities. A Policy Language for environments of this sort needs to be very expressive but lightweight and easily extensible. We demonstrate the feasibility of our Policy Language in pervasive environments through a prototype used as part of a secure pervasive system.

Philip W L Fong - One of the best experts on this subject based on the ideXlab platform.

  • Relationship-based access control policies and their Policy Languages
    Symposium on Access Control Models and Technologies, 2011
    Co-Authors: Philip W L Fong, Ida Siahaan
    Abstract:

    The Relationship-Based Access Control (ReBAC) model was recently proposed as a general-purpose access control model. It supports the natural expression of parameterized roles, the composition of policies, and the delegation of trust. Fong proposed a Policy Language that is based on Modal Logic for expressing and composing ReBAC policies. A natural question is whether such a Language is representationally complete, that is, whether the Language is capable of expressing all ReBAC policies that one is interested in expressing. In this work, we argue that the extensive use of what we call Relational Policies is what distinguishes ReBAC from traditional access control models. We show that Fong's Policy Language is representationally incomplete in that certain previously studied Relational Policies are not expressible in the Language. We introduce two extensions to the Policy Language of Fong, and prove that the extended Policy Language is representationally complete with respect to a well-defined subclass of Relational Policies.

  • Relationship-based access control: protection model and Policy Language
    Conference on Data and Application Security and Privacy, 2011
    Co-Authors: Philip W L Fong
    Abstract:

    Social Network Systems pioneer a paradigm of access control that is distinct from traditional approaches to access control. Gates coined the term Relationship-Based Access Control (ReBAC) to refer to this paradigm. ReBAC is characterized by the explicit tracking of interpersonal relationships between users, and the expression of access control policies in terms of these relationships. This work explores what it takes to widen the applicability of ReBAC to application domains other than social computing. To this end, we formulate an archetypical ReBAC model to capture the essence of the paradigm, that is, authorization decisions are based on the relationship between the resource owner and the resource accessor in a social network maintained by the protection system. A novelty of the model is that it captures the contextual nature of relationships. We devise a Policy Language, based on modal logic, for composing access control policies that support delegation of trust. We use a case study in the domain of Electronic Health Records to demonstrate the utility of our model and its Policy Language. This work provides initial evidence to the feasibility and utility of ReBAC as a general-purpose paradigm of access control.

  • CODASPY - Relationship-based access control: protection model and Policy Language
    Proceedings of the first ACM conference on Data and application security and privacy - CODASPY '11, 2011
    Co-Authors: Philip W L Fong
    Abstract:

    Social Network Systems pioneer a paradigm of access control that is distinct from traditional approaches to access control. Gates coined the term Relationship-Based Access Control (ReBAC) to refer to this paradigm. ReBAC is characterized by the explicit tracking of interpersonal relationships between users, and the expression of access control policies in terms of these relationships. This work explores what it takes to widen the applicability of ReBAC to application domains other than social computing. To this end, we formulate an archetypical ReBAC model to capture the essence of the paradigm, that is, authorization decisions are based on the relationship between the resource owner and the resource accessor in a social network maintained by the protection system. A novelty of the model is that it captures the contextual nature of relationships. We devise a Policy Language, based on modal logic, for composing access control policies that support delegation of trust. We use a case study in the domain of Electronic Health Records to demonstrate the utility of our model and its Policy Language. This work provides initial evidence to the feasibility and utility of ReBAC as a general-purpose paradigm of access control.

  • SACMAT - Relationship-based access control policies and their Policy Languages
    Proceedings of the 16th ACM symposium on Access control models and technologies - SACMAT '11, 2011
    Co-Authors: Philip W L Fong, Ida Siahaan
    Abstract:

    The Relationship-Based Access Control (ReBAC) model was recently proposed as a general-purpose access control model. It supports the natural expression of parameterized roles, the composition of policies, and the delegation of trust. Fong proposed a Policy Language that is based on Modal Logic for expressing and composing ReBAC policies. A natural question is whether such a Language is representationally complete, that is, whether the Language is capable of expressing all ReBAC policies that one is interested in expressing. In this work, we argue that the extensive use of what we call Relational Policies is what distinguishes ReBAC from traditional access control models. We show that Fong's Policy Language is representationally incomplete in that certain previously studied Relational Policies are not expressible in the Language. We introduce two extensions to the Policy Language of Fong, and prove that the extended Policy Language is representationally complete with respect to a well-defined subclass of Relational Policies.

  • Isolating untrusted software extensions by custom scoping rules
    Computer Languages Systems & Structures, 2010
    Co-Authors: Philip W L Fong, Simon A. Orr
    Abstract:

    In a modern programming Language, scoping rules determine the visibility of names in various regions of a program. In this work, we examine the idea of allowing an application developer to customize the scoping rules of its underlying Language. We demonstrate that such an ability can serve as the cornerstone of a security architecture for dynamically extensible systems. A run-time module system, IsoMod, is proposed for the Java platform to facilitate software isolation. A core application may create namespaces dynamically and impose arbitrary name visibility policies (i.e., scoping rules) to control whether a name is visible, to whom it is visible, and in what way it can be accessed. Because IsoMod exercises name visibility control at load time, loaded code runs at full speed. Furthermore, because IsoMod access control policies are maintained separately, they evolve independently from core application code. In addition, the IsoMod Policy Language provides a declarative means for expressing a very general form of visibility constraints. Not only can the IsoMod Policy Language simulate a sizable subset of permissions in the Java 2 security architecture, it does so with policies that are robust to changes in software configurations. The IsoMod Policy Language is also expressive enough to completely encode a capability type system known as Discretionary Capability Confinement. In spite of its expressiveness, the IsoMod Policy Language admits an efficient implementation strategy. Name visibility control in the style of IsoMod is therefore a lightweight access control mechanism for Java-style Language environments.

Lalana Kagal - One of the best experts on this subject based on the ideXlab platform.

  • A Policy based approach to security for the Semantic Web
    International Semantic Web Conference, 2003
    Co-Authors: Lalana Kagal, Timothy W Finin, Anupam Joshi
    Abstract:

    Along with developing specifications for the description of meta-data and the extraction of information for the Semantic Web, it is important to maximize security in this environment, which is fundamentally dynamic, open and devoid of many of the clues human societies have relied on for security assessment. Our research investigates the marking up of web entities with a semantic Policy Language and the use of distributed Policy management as an alternative to traditional authentication and access control schemes. The Policy Language allows policies to be described in terms of deontic concepts and models speech acts, which allows the dynamic modification of existing policies, decentralized security control and less exhaustive policies. We present a security framework, based on this Policy Language, which addresses security issues for web resources, agents and services in the Semantic Web.

  • A Policy Language for a pervasive computing environment
    IEEE International Workshop on Policies for Distributed Systems and Networks, 2003
    Co-Authors: Lalana Kagal, Timothy W Finin, Anupam Joshi
    Abstract:

    We describe a Policy Language designed for pervasive computing applications that is based on deontic concepts and grounded in a semantic Language. The pervasive computing environments under consideration are those in which people and devices are mobile and use various wireless networking technologies to discover and access services and devices in their vicinity. Such pervasive environments lend themselves to Policy-based security due to their extremely dynamic nature. Using policies allows the security functionality to be modified without changing the implementation of the entities involved. However, along with being extremely dynamic, these environments also tend to span several domains and be made up of entities of varied capabilities. A Policy Language for environments of this sort needs to be very expressive but lightweight and easily extensible. We demonstrate the feasibility of our Policy Language in pervasive environments through a prototype used as part of a secure pervasive system.

  • Rei : A Policy Language for the Me-Centric Project
    2002
    Co-Authors: Lalana Kagal
    Abstract:

    Policies guide the way entities within a domain act, by providing rules for their behavior. Most of the research in policies is within a certain application area, for example security for databases, and there are no general specifications for policies. Another problem with policies is that they require domain dependent information, forcing researchers to create Policy Languages that are bound to the domains for which they were developed. This prevents Policy Languages from being flexible and being usable across domains. This report describes the specifications of the Rei Policy Language, which provides constructs based on deontic concepts. These constructs are extremely flexible and allow different kinds of policies to be stated. This simple Policy Language is not tied to any specific application and allows domain dependent information to be added without any modification. The Policy engine associated with Rei accepts policies in first order logic and RDF. The report also discusses the functionality of the Policy engine that interprets and reasons over Rei policies.

  • Policy - A Policy Language for a pervasive computing environment
    Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks, 1
    Co-Authors: Lalana Kagal, Timothy W Finin, Anupam Joshi
    Abstract:

    We describe a Policy Language designed for pervasive computing applications that is based on deontic concepts and grounded in a semantic Language. The pervasive computing environments under consideration are those in which people and devices are mobile and use various wireless networking technologies to discover and access services and devices in their vicinity. Such pervasive environments lend themselves to Policy-based security due to their extremely dynamic nature. Using policies allows the security functionality to be modified without changing the implementation of the entities involved. However, along with being extremely dynamic, these environments also tend to span several domains and be made up of entities of varied capabilities. A Policy Language for environments of this sort needs to be very expressive but lightweight and easily extensible. We demonstrate the feasibility of our Policy Language in pervasive environments through a prototype used as part of a secure pervasive system.

Timothy W Finin - One of the best experts on this subject based on the ideXlab platform.

  • A Policy based approach to security for the Semantic Web
    International Semantic Web Conference, 2003
    Co-Authors: Lalana Kagal, Timothy W Finin, Anupam Joshi
    Abstract:

    Along with developing specifications for the description of meta-data and the extraction of information for the Semantic Web, it is important to maximize security in this environment, which is fundamentally dynamic, open and devoid of many of the clues human societies have relied on for security assessment. Our research investigates the marking up of web entities with a semantic Policy Language and the use of distributed Policy management as an alternative to traditional authentication and access control schemes. The Policy Language allows policies to be described in terms of deontic concepts and models speech acts, which allows the dynamic modification of existing policies, decentralized security control and less exhaustive policies. We present a security framework, based on this Policy Language, which addresses security issues for web resources, agents and services in the Semantic Web.

  • A Policy Language for a pervasive computing environment
    IEEE International Workshop on Policies for Distributed Systems and Networks, 2003
    Co-Authors: Lalana Kagal, Timothy W Finin, Anupam Joshi
    Abstract:

    We describe a Policy Language designed for pervasive computing applications that is based on deontic concepts and grounded in a semantic Language. The pervasive computing environments under consideration are those in which people and devices are mobile and use various wireless networking technologies to discover and access services and devices in their vicinity. Such pervasive environments lend themselves to Policy-based security due to their extremely dynamic nature. Using policies allows the security functionality to be modified without changing the implementation of the entities involved. However, along with being extremely dynamic, these environments also tend to span several domains and be made up of entities of varied capabilities. A Policy Language for environments of this sort needs to be very expressive but lightweight and easily extensible. We demonstrate the feasibility of our Policy Language in pervasive environments through a prototype used as part of a secure pervasive system.

  • Policy - A Policy Language for a pervasive computing environment
    Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks, 1
    Co-Authors: Lalana Kagal, Timothy W Finin, Anupam Joshi
    Abstract:

    We describe a Policy Language designed for pervasive computing applications that is based on deontic concepts and grounded in a semantic Language. The pervasive computing environments under consideration are those in which people and devices are mobile and use various wireless networking technologies to discover and access services and devices in their vicinity. Such pervasive environments lend themselves to Policy-based security due to their extremely dynamic nature. Using policies allows the security functionality to be modified without changing the implementation of the entities involved. However, along with being extremely dynamic, these environments also tend to span several domains and be made up of entities of varied capabilities. A Policy Language for environments of this sort needs to be very expressive but lightweight and easily extensible. We demonstrate the feasibility of our Policy Language in pervasive environments through a prototype used as part of a secure pervasive system.