Delegation Assistance

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Achim D. Brucker Articles by Helmut Petritsch Articles by Andreas Schaad

2009 IEEE International Symposium on Policies for Distributed Systems and Networks

London, UK

July 20-July 22

ISBN: 978-0-7695-3742-9

	ASCII Text	x
	Achim D. Brucker, Helmut Petritsch, Andreas Schaad, "Delegation Assistance," Policies for Distributed Systems and Networks, IEEE International Workshop on, pp. 84-91, 2009 IEEE International Symposium on Policies for Distributed Systems and Networks, 2009.

	BibTex	x
	@article{ 10.1109/POLICY.2009.35, author = {Achim D. Brucker and Helmut Petritsch and Andreas Schaad}, title = {Delegation Assistance}, journal ={Policies for Distributed Systems and Networks, IEEE International Workshop on}, volume = {0}, year = {2009}, isbn = {978-0-7695-3742-9}, pages = {84-91}, doi = {http://doi.ieeecomputersociety.org/10.1109/POLICY.2009.35}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Policies for Distributed Systems and Networks, IEEE International Workshop on TI - Delegation Assistance SN - 978-0-7695-3742-9 SP84 EP91 A1 - Achim D. Brucker, A1 - Helmut Petritsch, A1 - Andreas Schaad, PY - 2009 KW - delegation and revocation KW - policy enforcement KW - security services KW - security architecture VL - 0 JA - Policies for Distributed Systems and Networks, IEEE International Workshop on ER -

Achim D. Brucker

Helmut Petritsch

Andreas Schaad

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/POLICY.2009.35

Today's IT systems typically comprise a fine-grained access control mechanism based on complex policies. The strict enforcement of these policies, at runtime, always contains the risk of hindering people in their regular work. An efficient support for assisted delegation can help in resolving the conflict between too tight access control and the required flexibility as well as support the resolution of conflicts. Here, assisted delegation means that, additional to denying the access, a user is informed about a list of users that could either grant him access to the requested resource or which could execute this task in behalf of the user. In this paper, we present an approach for determining a set of users which are able to resolve an access control conflict. This set is based on various information sources and are ordered with respect to different distance functions. We show that one distance function can be used to serve different types of contextual input, e.g., role hierarchies, geospatial information as well as shared business object structure data or social network graphs.

Index Terms:

delegation and revocation, policy enforcement, security services, security architecture

Citation:

Achim D. Brucker, Helmut Petritsch, Andreas Schaad, "Delegation Assistance," policy, pp.84-91, 2009 IEEE International Symposium on Policies for Distributed Systems and Networks, 2009

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.