Semantic Interoperability of Authorizations

Mariemma I. Yagüe, Antonio Maña, Francisco Sánchez


The shift from paper documents to their respective electronic formats is producing important advantages in the functioning of businesses and Public Administrations. However, this shift is often limited to the internal operation of each entity because of the lack of security in the electronic communication mechanisms. Traditionally, these entities have managed their Local Area Networks (LANs) or even Virtual Private Networks (VPN) as isolated islands, where local identity-based authorization schemes were appropriate. But, the trend towards paperless procedures leads to the need for these entities to interoperate. As an advance, extranets were proposed to connect entities that share common goals in a way that automates their administrative interactions using Internet technology. However, the limited authorization and access control capabilities provided by extranets is a mayor drawback for their application in open and heterogeneous scenarios. Trust appears as the main issue to address in order to achieve secure interoperation of different independent entities. This paper presents a solution to this problem, based on the use of Privilege Management Infrastructures (PMIs) and the semantic description of the different authorization entities.


  1. Sheth, A., Larson, J.: Federated Database Systems for Managing Distributed, Heterogeneous and Autonomous Databases. ACM Computing Surveys, 22(3) (1990) 183 - 236
  2. World Wide Web Consortium: Semantic Web Services Interest Group. Retrieved January 2003 from
  3. International Telecommunication Union (2000). ITU-T Recommendation X.509. Information technology - Open systems interconnection - The Directory: Public-key and attribute certificate frameworks. Technical Cor. 3 (02/03) [Electronic version] 200302-P!Cor3
  4. International Telecommunication Union (1997). ITU-T Recommendation X.509, Information Technology - Open systems interconnection - The Directory: Authentication Framework. 1997. [Electronic version] 200302-T!Cor5
  5. Qian, X., Lunt, T.F.: A MAC policy framework for multilevel relational databases. IEEE Transactions on Knowledge and Data Engineering, 8(1) (1996) 1-14
  6. Baraani, A., Pieprzyk, J., Safavi-Naini, R.: Security In Databases: A Survey Study. Retrieved September 2003 from [ (1996)
  7. Sandhu, R., Ferraiolo, D., Kuhn, R.: The Nist model for role-based access control: Towards a unified standard. In Proceedings of 5th ACM Workshop on Role-Based Access Control. Berlin, Germany (2000)
  8. López, J., Maña, A. and Yagüe, M.I: XML-based Distributed Access Control System. Lecture Notes in Computer Science, Vol. 2455. Springer-Verlag (2002)
  9. Yagüe, M.I., Maña, A., López, J., Pimentel, E., Troya, J.M.: A Secure Solution for Commercial Digital Libraries. Online Information Review Journal, 27(3): 147-159. Emerald Publishers (2003)
  10. World Wide Web Consortium: XML-Signature Syntax and Processing (2002) [Electronic version]

Paper Citation

in Harvard Style

I. Yagüe M., Maña A. and Sánchez F. (2004). Semantic Interoperability of Authorizations . In Proceedings of the 2nd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2004) ISBN 972-8865-07-4, pages 269-278. DOI: 10.5220/0002682402690278

in Bibtex Style

author={Mariemma I. Yagüe and Antonio Maña and Francisco Sánchez},
title={Semantic Interoperability of Authorizations},
booktitle={Proceedings of the 2nd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2004)},

in EndNote Style

JO - Proceedings of the 2nd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2004)
TI - Semantic Interoperability of Authorizations
SN - 972-8865-07-4
AU - I. Yagüe M.
AU - Maña A.
AU - Sánchez F.
PY - 2004
SP - 269
EP - 278
DO - 10.5220/0002682402690278