xDUCON: Cross Domain Usage Control through Shared Data Spaces

Author

Russello, Giovanni ; Dulay, Naranker

Author_Institution

Create-net, Trento, Italy

fYear

2009

fDate

20-22 July 2009

Firstpage

178

Lastpage

181

Abstract

In this paper, we present a preliminary design of a framework for coordinating and enforcing usage control policies across different collaborating organisations. We named our framework xDUCON. The main goal of xDUCON is the specification of usage control policies that concisely capture conditions, authorisations, and obligations on both providers and consumers of resources. The novelty of xDUCON is its enforcement design that is based on the Shared Data Space (SDS) abstraction. The SDS allows the coordination of the decision and enforcement points abstracting from the details of the actual deployment of the framework. Moreover, the SDS abstraction caters for the necessary synchronisation facilities necessary to realise a concrete implementation of control usage framework such as support for entity mutability and control over long-lived sessions to evaluate the access rights of a subject while the access is being executed.

Keywords

authorisation; data structures; formal specification; information management; synchronisation; authorisation; cross domain usage control policy specification; information management; organisation collaboration; shared data space abstraction; synchronisation; xDUCON framework; Authorization; Business; Companies; Computer networks; Concrete; Control systems; Distributed computing; Information management; International collaboration; Permission;

fLanguage

English

Publisher

ieee

Conference_Titel

Policies for Distributed Systems and Networks, 2009. POLICY 2009. IEEE International Symposium on

Conference_Location

London

Print_ISBN

978-0-7695-3742-9

Electronic_ISBN

978-0-7695-3742-9

Type

conf

DOI

10.1109/POLICY.2009.18

Filename

5197405