Design and Development of the Dynamic DRBAC Model using PMI and XACML-based Authorization

Fugkeaw, Somchart; Manpanpanich, Plyawit; Juntapremjitt, Sekpon
April 2009
Journal of Digital Information Management;Apr2009, Vol. 7 Issue 2, p63
Academic Journal
In distributed computing environments, collaboration and resource sharing among several organizations are subjects of concern. Well-established authentication and authorization are thus vital. This paper proposes a novel design and implementation of a Distributed RBAC (DRBAC) and Single Sign-On (SSO) system that spans multiple administrative domains. Our key idea is based on the Multi-Agent Systems (MAS) technique, owing to its modularity, autonomy, distributedness, flexibility, and scalability. Each agent serves a specific purpose. We use PKI technology to secure both intra- and inter-domain agent communication as well as to establish trust relationships. The Security Assertion Markup Language (SAML) is adopted to support the exchange of authentication and authorization information in the architecture. The authorization scheme is based on the Privilege Management Infrastructure (PMI). In addition, we incorporate the XACML authorization concept into the MAS engine to support relying parties or organizations whose access control systems are written in XACML policy. Finally, we report our extended implementation status and introduce the multi-instance processing technique to enhance the performance of the overall system.


Related Articles

  • LRAC: A Hybrid Access Control Model for Virtual Campus Grid Organization. Nithya, M.; Wahidabanu, R. S. D. // European Journal of Scientific Research;9/9/2011, Vol. 59 Issue 3, p342 

    Grid has established itself as an area which enables multiple organizations to share computing-related resources under a common platform called a virtual organization. One of the key challenges in managing a virtual organization is protecting the assets of the organization. Though each physical...

  • Password Authentication Scheme with Secured Login Interface. Akinwale, A. T.; Ibharalu, F. T. // Computer Science & Telecommunications;2010, Vol. 24 Issue 1, p48 

    This paper presents a novel solution to the age long problem of password security at input level. In our solution, each of the various characters from which a password could be composed is encoded with a random single digit integer and presented to the user via an input interface form. A...

  • A Secure Mobile Agents Platform. Ismail, Leila // Journal of Communications;Apr2008, Vol. 3 Issue 2, p1 

    Mobile Agents is a new paradigm for distributed computing where security is very essential to the acceptance of this paradigm in a large scale distributed environment. In this paper, we propose protection mechanisms for mobile agents. In these mechanisms, the authentication of mobile agents and...

  • From Authentication to Access Management: The Potential of Shibboleth. Thompson, Tracy L. // AALL Spectrum;Feb2006, Vol. 10 Issue 4, Special section p10 

    The article considers the use of Shibboleth, an open source, standards-based access management solution based on Security Assertion Markup Language version 1.1. The key rationale of Shibboleth is discussed. The impact of Shibboleth on user authentication is explained. The mechanics by which...

  • User interface design affects security: patterns in click-based graphical passwords. Chiasson, Sonia; Forget, Alain; Biddle, Robert; Oorschot, P. // International Journal of Information Security;Dec2009, Vol. 8 Issue 6, p387 

    Design of the user interface for authentication systems influences users and may encourage either secure or insecure behaviour. Using data from four different but closely related click-based graphical password studies, we show that user-selected passwords vary considerably in their...

  • Passwords: Do User Preferences and Website Protocols Differ From Theory? Barra, Roberta Ann; McLeod, Alexander; Savage, Arline; Simkin, Mark G. // Journal of Information Privacy & Security (Ivy League Publishing);2010, Vol. 6 Issue 4, p50 

    Despite the availability of superior authentication tools, password security continues to be an important access control in modern, computer-based systems. Are strong passwords used in these systems? Under what conditions are users willing to adopt stronger passwords? To answer these questions,...

  • Balancing access and security. Berkowitz, Lyle; Brostoff, George // Behavioral Healthcare;Dec2007, Vol. 27 Issue 12, p30 

    The article discusses computer system privacy issues in hospitals and clinics, including behavioral healthcare environments. According to the article, the two distinct issues that should be understood and considered are security and authentication. Solutions for increased security such as...

  • Privacy-enhanced, Attack-resilient Access Control in Pervasive Computing Environments with Optional Context Authentication Capability. Kui Ren; Wenjing Lou // Mobile Networks & Applications;Feb2007, Vol. 12 Issue 1, p79 

    Abstract: In pervasive computing environments (PCEs), privacy and security are two important but contradictory objectives. Users enjoy services provided in PCEs only after their privacy issues being sufficiently addressed. That is, users could not be tracked down for wherever they are and...

  • Providing strong access control in campus computer network by using RADIUS server. Trikos, Mladen; Simic, Dejan // TTEM- Technics Technologies Education Management;2011, Vol. 6 Issue 2, p482 

    The possession of access control is of prime importance to secure important, confidential, or sensitive information and equipment. By designing the security of computer network to allow access only to authorized devices you have the ability to produce an environment that is more stable, more...

