Listing by keyword "Access Control"
1 - 9 of 9
- Text document: Derived Partial Identities Generated from App Permissions (Open Identity Summit 2017, 2017). Fritsch, Lothar; Momen, Nurul. This article presents a model of partial identities derived from app permissions that is based on Pfitzmann and Hansen’s terminology for privacy [PH10]. The article first shows how app permissions accommodate the accumulation of identity attributes for partial digital identities by building a model for identity attribute retrieval through permissions. Then, it presents an experimental survey of partial identity access for selected app groups. By applying the identity attribute retrieval model to the permission access log from the experiment, we show how apps’ permission usage is contributing to identity profiling.
- Conference paper: "Do Metaphors Influence the Usability of Access Control?": A Gamified Survey (Mensch und Computer 2022 - Tagungsband, 2022). Obrezkov, Denis; Sohr, Karsten; Malaka, Rainer. Metaphors are often considered to be a useful tool in user interface design. They teach a user new mechanics by transferring knowledge from one domain, where the user is experienced, to a new target domain. Specifically, this is helpful in areas with advanced technologies, such as security with its encryption and access control mechanisms. At the same time, some controversy exists on the efficacy of metaphors in user interface design. In this paper, we present our study results on the role of metaphors in a user interface for an access control decision mechanism. We performed our evaluation in the form of a web-based game, obtaining in total 143 responses. The study compared two interface metaphors along with a no-metaphor condition. Our main result suggests that metaphors in user interfaces of security applications can improve user performance, but the observed effect is limited.
- Conference paper: Gaining Back the Control Over Identity Attributes: Access Management Systems Based on Self-Sovereign Identity (Open Identity Summit 2024, 2024). Keil, Kenneth-Raphael; Bochnia, Ricardo; Gudymenko, Ivan; Köpsell, Stefan; Anke, Jürgen. Digital employee cards used for door access control offer benefits, but concerns about traceability, profiling and performance monitoring have led to opposition from workers’ councils and employees. However, the emerging identity management approach, Self-Sovereign Identity (SSI), can address these concerns by giving control over disclosed identity attributes back to the end user. This paper analyzes a real-world access management scenario in a hospital building and applies the SSI paradigm to address the identified issues. The analysis assumes a semi-honest observing attacker sniffing on the payload and the transport layer. The SSI-based proof of concept is shown to have a high potential to protect against traceability and profiling. However, in addition to the careful technical implementation of SSI, it is important to consider non-technical factors such as governance for a holistic solution. We propose potential strategies to further minimize privacy risks associated with SSI-based employee identity management using mediators.
- Conference paper: Permission and Privacy Challenges in Alternate-Tenant Smart Spaces (Open Identity Summit 2021, 2021). Jesus, Vitor; Silva, Catarina; Barraca, João Paulo; Rosner, Gilad; Nehme, Antonio; Waqas, Muhammad; L. Aguiar, Rui. We explore a ‘Smart-BnB scenario’ whereby someone (an Owner) advertises a smart property on a web platform. Renters use the platform for short periods, and may fully enjoy the property, including its smart features such as sensors. This scenario should further ensure the Renter’s privacy, so we use consent receipts and selective sharing. This paper describes a demonstrator of how smart environments can operate in a privacy-respecting manner.
- Conference paper: A Policy Language for Integrating Heterogeneous Authorization Policies (Grid service engineering and management – the 4th international conference on grid service engineering and management – GSEM 2007, 2007). Zhou, Wei; Meinel, Christoph. In order to manage and enforce multiple heterogeneous authorization policies in a distributed authorization environment, we defined the root policy specification language and its corresponding enforcing mechanism. In a root policy, the involved users and resources can be defined at coarse or fine granularity. Each involved authorization policy’s storage, trust management and enforcement can be defined independently. These authorization policies can be enforced in a distributed way. Policy schemas, policy subschemas and policy hierarchies can deal with complex authorization scenarios. The context constraint component makes the root policy a context-aware authorization system. On the other hand, multiple root policies can cooperate to complete more complicated authorization tasks.
- Text document: Policy-based Access Control for the IoT and Smart Cities (Open Identity Summit 2019, 2019). Omolola, Olamide; More, Stefan; Fasllija, Edona; Wagner, Georg; Alber, Lukas. The Internet of Things (IoT) can revolutionise the interaction between users and technology. This interaction generates sensitive and personal data. Therefore, access to the information they provide should be restricted to only authorised users. However, the limited storage and memory in IoT make it impractical to deploy traditional mechanisms to control access. In this paper, we propose a new access control mechanism based on trust policies adapted from LIGHTest. The proposed protocol also handles delegations in the IoT context elegantly. We provide the protocol overview and discuss its practical applications in the IoT environment.
- Text document: Policy-based Authentication and Authorization based on the Layered Privacy Language (BTW 2019 – Workshopband, 2019). Wilhelm, Sebastian; Gerl, Armin. In 2018 the General Data Protection Regulation (GDPR) came into force, providing a new legal framework with rules and regulations for processing personal data. The requirement for distinguishing between purposes has been introduced, leading to the necessity of adapting existing authentication and authorization processes. We introduce a detailed authentication and authorization extension, which is able to verify requests on personal data based on the Layered Privacy Language (LPL). This extension is evaluated in the form of a benchmark, utilizing the Policy-based De-identification, to demonstrate its efficiency and suitability for data warehouses.
- Conference paper: Token Based Authorization (Open Identity Summit 2020, 2020). Baruzzi, Giovanni A. A secure, scalable, fine-grained and flexible access control is extremely important for the digital society. The approaches used until now (RBAC, Groups in an LDAP Directory, XACML) alone may not be able to deliver on this challenge. Building from past experiences in the industry, we propose an Access Management Framework where the central role is played by a token containing all the information needed to implement fine-grained access control. This Authorization Token should be signed by the approver and embedded into a “claim” to the application at session time. The application, after checking the validity of the token, will control access to the desired resource. In this way we can achieve fine-granular access control, scalability and independence from network topologies.
- Journal article: Vorgehensmodelle für die rollenbasierte Autorisierung in heterogenen Systemlandschaften (Wirtschaftsinformatik: Vol. 49, No. 6, 2007). Wortmann, Felix; Winter, Robert. Key points: The state of the art in research and practice on authorization in heterogeneous system landscapes is presented. The following results can be derived from the analysis: The existing research contributions contain only few detailed procedure models for integrating role-based authorization. Practice offers more concrete approaches that can serve as a starting point for improved procedure models. By combining insights from theory and practice, the foundation for an improved procedure model can be laid. Abstract: The authors examine how an authorization architecture can be defined which spans various information systems and organizational units. After introducing authorization and architecture fundamentals, related work on authorization, architecture management and role definition is discussed. In particular regarding procedure models for authorization architecture design, these approaches are not very detailed. Moreover, they are neither theoretically well-founded nor transparently derived from current industry practices. Therefore two actual industry practices are presented as case studies. By consolidating these practices with findings from current research, a starting point for an improved procedure model for authorization is proposed.