Research Article
A Decentralized Access Control Model for Dynamic Collaboration of Autonomous Peers
@INPROCEEDINGS{10.1007/978-3-319-28865-9_28,
  author={Stefan Cra{\ss} and Gerson Joskowicz and Eva K{\"u}hn},
  title={A Decentralized Access Control Model for Dynamic Collaboration of Autonomous Peers},
  proceedings={Security and Privacy in Communication Networks. 11th International Conference, SecureComm 2015, Dallas, TX, USA, October 26-29, 2015, Revised Selected Papers},
  proceedings_a={SECURECOMM},
  year={2016},
  month={2},
  keywords={ABAC Delegation P2P Coordination middleware},
  doi={10.1007/978-3-319-28865-9_28}
}
- Stefan Craß
- Gerson Joskowicz
- Eva Kühn
Year: 2016
SECURECOMM
Springer
DOI: 10.1007/978-3-319-28865-9_28
Abstract
Distributed applications are often composed of autonomous components that are controlled by different stakeholders. Authorization in such a scenario has to be enforced in a decentralized way so that administrators retain control over their respective resources. In this paper, we define a flexible access control model for a data-driven coordination middleware that abstracts the collaboration of autonomous peers. It supports the definition of fine-grained policies that depend on authenticated subject attributes, content properties and context data. To enable peers to act on behalf of others, chained delegation is supported and permissions depend on trust assumptions about nodes along this chain. Besides access to data, also service invocations, dynamic behavior changes and policy updates can be authorized in a unified way. We show how this access control model can be integrated into a secure middleware architecture and provide example policies for simple coordination patterns.