Information carrying identity proof trees

Wiliam H. Winsborough, Anna C. Squicciarini, Elisa Bertino

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

In open systems, the verification of properties of subjects is crucial for authorization purposes. Very often access to resources is based on policies that express (possibly complex) requirements in terms of what are referred to variously as identity properties, attributes, or characteristics of the subject. In this paper we provide an approach that an entity called a verifier can use to evaluate queries about properties of a subject requesting resources that are relevent deciding whether the requested action is authorized. Specifically, we contribute techniques that enable reuse of previously computed query results. We consider issues related to temporal validity as well as issues related to confidentiality when one entity reuses query results computed by another entity. We employ constraint logic programming as the foundation of our policy rules and query evaluation. This provides a very general, flexible basis, and enable our work to be applied more or less directly to several existing policy frameworks. The process of evaluation of a query against a subject identity is traced through a structure, referred to as identity proof tree, that carries all information proving that a policy requirement is met.

Original languageEnglish (US)
Title of host publicationWPES'07 - Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society
Pages76-79
Number of pages4
DOIs
StatePublished - Dec 1 2007
Event6th ACM Workshop on Privacy in the Electronic Society, WPES'07, Held in Association with the 14th ACM Computer and Communications Security Conference - Alexandria, VA, United States
Duration: Oct 29 2007Oct 29 2007

Publication series

NameWPES'07 - Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society

Other

Other6th ACM Workshop on Privacy in the Electronic Society, WPES'07, Held in Association with the 14th ACM Computer and Communications Security Conference
CountryUnited States
CityAlexandria, VA
Period10/29/0710/29/07

Fingerprint

Logic programming
Open systems
open system
authorization
logic
evaluation
resources
programming

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
  • Social Sciences (miscellaneous)

Cite this

Winsborough, W. H., Squicciarini, A. C., & Bertino, E. (2007). Information carrying identity proof trees. In WPES'07 - Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society (pp. 76-79). (WPES'07 - Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society). https://doi.org/10.1145/1314333.1314348
Winsborough, Wiliam H. ; Squicciarini, Anna C. ; Bertino, Elisa. / Information carrying identity proof trees. WPES'07 - Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society. 2007. pp. 76-79 (WPES'07 - Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society).
@inproceedings{ec3ce45a6b4646a299b3b732541519d5,
title = "Information carrying identity proof trees",
abstract = "In open systems, the verification of properties of subjects is crucial for authorization purposes. Very often access to resources is based on policies that express (possibly complex) requirements in terms of what are referred to variously as identity properties, attributes, or characteristics of the subject. In this paper we provide an approach that an entity called a verifier can use to evaluate queries about properties of a subject requesting resources that are relevent deciding whether the requested action is authorized. Specifically, we contribute techniques that enable reuse of previously computed query results. We consider issues related to temporal validity as well as issues related to confidentiality when one entity reuses query results computed by another entity. We employ constraint logic programming as the foundation of our policy rules and query evaluation. This provides a very general, flexible basis, and enable our work to be applied more or less directly to several existing policy frameworks. The process of evaluation of a query against a subject identity is traced through a structure, referred to as identity proof tree, that carries all information proving that a policy requirement is met.",
author = "Winsborough, {Wiliam H.} and Squicciarini, {Anna C.} and Elisa Bertino",
year = "2007",
month = "12",
day = "1",
doi = "10.1145/1314333.1314348",
language = "English (US)",
isbn = "9781595938831",
series = "WPES'07 - Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society",
pages = "76--79",
booktitle = "WPES'07 - Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society",

}

Winsborough, WH, Squicciarini, AC & Bertino, E 2007, Information carrying identity proof trees. in WPES'07 - Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society. WPES'07 - Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society, pp. 76-79, 6th ACM Workshop on Privacy in the Electronic Society, WPES'07, Held in Association with the 14th ACM Computer and Communications Security Conference, Alexandria, VA, United States, 10/29/07. https://doi.org/10.1145/1314333.1314348

Information carrying identity proof trees. / Winsborough, Wiliam H.; Squicciarini, Anna C.; Bertino, Elisa.

WPES'07 - Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society. 2007. p. 76-79 (WPES'07 - Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Information carrying identity proof trees

AU - Winsborough, Wiliam H.

AU - Squicciarini, Anna C.

AU - Bertino, Elisa

PY - 2007/12/1

Y1 - 2007/12/1

N2 - In open systems, the verification of properties of subjects is crucial for authorization purposes. Very often access to resources is based on policies that express (possibly complex) requirements in terms of what are referred to variously as identity properties, attributes, or characteristics of the subject. In this paper we provide an approach that an entity called a verifier can use to evaluate queries about properties of a subject requesting resources that are relevent deciding whether the requested action is authorized. Specifically, we contribute techniques that enable reuse of previously computed query results. We consider issues related to temporal validity as well as issues related to confidentiality when one entity reuses query results computed by another entity. We employ constraint logic programming as the foundation of our policy rules and query evaluation. This provides a very general, flexible basis, and enable our work to be applied more or less directly to several existing policy frameworks. The process of evaluation of a query against a subject identity is traced through a structure, referred to as identity proof tree, that carries all information proving that a policy requirement is met.

AB - In open systems, the verification of properties of subjects is crucial for authorization purposes. Very often access to resources is based on policies that express (possibly complex) requirements in terms of what are referred to variously as identity properties, attributes, or characteristics of the subject. In this paper we provide an approach that an entity called a verifier can use to evaluate queries about properties of a subject requesting resources that are relevent deciding whether the requested action is authorized. Specifically, we contribute techniques that enable reuse of previously computed query results. We consider issues related to temporal validity as well as issues related to confidentiality when one entity reuses query results computed by another entity. We employ constraint logic programming as the foundation of our policy rules and query evaluation. This provides a very general, flexible basis, and enable our work to be applied more or less directly to several existing policy frameworks. The process of evaluation of a query against a subject identity is traced through a structure, referred to as identity proof tree, that carries all information proving that a policy requirement is met.

UR - http://www.scopus.com/inward/record.url?scp=79959637422&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=79959637422&partnerID=8YFLogxK

U2 - 10.1145/1314333.1314348

DO - 10.1145/1314333.1314348

M3 - Conference contribution

AN - SCOPUS:79959637422

SN - 9781595938831

T3 - WPES'07 - Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society

SP - 76

EP - 79

BT - WPES'07 - Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society

ER -

Winsborough WH, Squicciarini AC, Bertino E. Information carrying identity proof trees. In WPES'07 - Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society. 2007. p. 76-79. (WPES'07 - Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society). https://doi.org/10.1145/1314333.1314348