Use this URL to cite or link to this record in EThOS:
Title: Privacy trust access control infrastructure using XACML
Author: Mbanaso, Uche Magnus
ISNI:       0000 0004 2690 3419
Awarding Body: University of Salford
Current Institution: University of Salford
Date of Award: 2009
Availability of Full Text:
Access from EThOS:
Access from Institution:
The use of personal, sensitive information, such as privileges and attributes, to gain access to computer resources in distributed environments raises an interesting paradox. On one hand, in order to make the services and resources accessible to legitimate users, access control infrastructure requires valid and provable service clients' identities or attributes to make decisions. On the other hand, the service clients may not be prepared to disclose their identity information or attributes to a remote party without determining in advance whether the service provider can be trusted with such sensitive information. Moreover, when clients give out personal information, they still are unsure of the extent of propagation and use of the information. This thesis describes an investigation of privacy preserving options in access control infrastructures, and proposes a security model to support the management of those options, based on extensible Access Control Markup Language (XACML) and Security Access Markup Language (SAML), both of which are OASIS security standards. Existing access control systems are typically unilateral in that the enterprise service provider assigns the access rights and makes the access control decisions, and there is no negotiation between the client and the service provider. As access control management systems lean towards being user-centric or federated, unilateral approaches can no longer adequately preserve the client's privacy, particularly where communicating parties have no pre-existing trust relationship. As a result, a unified approach that significantly improves privacy and confidentiality protection in distributed environments was considered. This resulted in the development of XACML Trust Management Authorization Infrastructure (XTMAI) designed to handle privacy and confidentiality mutually and simultaneously using the concept of Obligation of Trust (OoT) protocol. The OoT enables two or more transaction parties to exchange Notice of Obligations (NoB) (obligating constraints) as well as Signed Acceptance of Obligation (SAO), a proof of acceptance, as security assurances before exchange of sensitive resources.
Supervisor: Not available Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID:  DOI: Not available