Abstract
We describe a generic attribute-based identity management system. It aims to support the large variety of security requirements induced by applications for the IoT. Hence, we discuss various management options for system entities. We show how attribute assurance can be used to reliably define attributes within groups of identities. Apart from enabling personalized identity and policy enforcement schemes, this provides a feasible trade-off between the flexibility and scalability needs and the policy definition and enforcement requirements in the IoT. We provide a proof-of-concept implementation of our framework.
Notes
- 1. Filtering which attribute values from the user, service or device correspond to the attributes referenced by the policy is disregarded (same algorithm for every case).
- 2. n is the number of attribute values for the entity, such as the SensIoT device.
- 3.
Acknowledgements
The research leading to these results has received funding from the European Union’s FP7 project COMPOSE, under grant agreement 317862.
Copyright information
© 2015 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Parra Rodriguez, J.D., Schreckling, D., Posegga, J. (2015). Identity Management in Platforms Offering IoT as a Service. In: Giaffreda, R., et al. Internet of Things. User-Centric IoT. IoT360 2014. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 150. Springer, Cham. https://doi.org/10.1007/978-3-319-19656-5_40
DOI: https://doi.org/10.1007/978-3-319-19656-5_40
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-19655-8
Online ISBN: 978-3-319-19656-5
eBook Packages: Computer Science (R0)