BUSINESS-DRIVEN ENTERPRISE AUTHORIZATION - Moving towards a unified authorization architecture

Tom Beiler

Abstract

Information systems of large enterprises are shifting from an application-centric architecture towards process orientation and web services. The information system is opened to business partners to allow for self-management and seamless cross-enterprise process integration. While this strategy aims at higher flexibility and lower costs, it also creates significant new challenges for the security and administrative support systems. The security of the enterprise system has to keep up and scale with the new qualitative level of the overall system. In this context we propose an enterprise authorization system model which allows a unified treatment of the enterprise’s authorization issues and permits the native integration of authorization processes into the business system for greater synergy. The proposed model helps information system architects prevent authorization from becoming a major obstacle for the new architecture strategy.



Paper Citation


in Harvard Style

Beiler T. (2004). BUSINESS-DRIVEN ENTERPRISE AUTHORIZATION - Moving towards a unified authorization architecture. In Proceedings of the Sixth International Conference on Enterprise Information Systems - Volume 3: ICEIS, ISBN 972-8865-00-7, pages 67-72. DOI: 10.5220/0002643100670072


in Bibtex Style

@conference{iceis04,
author={Tom Beiler},
title={BUSINESS-DRIVEN ENTERPRISE AUTHORIZATION - Moving towards a unified authorization architecture},
booktitle={Proceedings of the Sixth International Conference on Enterprise Information Systems - Volume 3: ICEIS,},
year={2004},
pages={67-72},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002643100670072},
isbn={972-8865-00-7},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Sixth International Conference on Enterprise Information Systems - Volume 3: ICEIS,
TI - BUSINESS-DRIVEN ENTERPRISE AUTHORIZATION - Moving towards a unified authorization architecture
SN - 972-8865-00-7
AU - Beiler T.
PY - 2004
SP - 67
EP - 72
DO - 10.5220/0002643100670072