OSIRIS (Open Source Infrastructure for Run-time Integration of Services) is an EU-project funded under the ITEA/EUREKA umbrella, co-funded by the Spanish Ministry of Industry.
OSIRIS aims to integrate technologies developed in Service-Oriented Architectures (SOA) and asynchronous middleware with the goal to provide a flexible open source infrastructure for run-time integration of services. OSIRIS supports the integration of different platforms, services and devices to build added-value services. OSIRIS is an across-domain open source service platform that will provide support for services provisioning, aggregation, delivery, dynamic adaptation to the context and lifecycle management.
Under the scope of OSIRIS, NICS has designed and implemented an advanced authorization and delegation infrastructures to cover the security requirements of OSIRIS Architecture . Between others developments in the proyect, NICS desinged Weighted Trust Graphs (WTG). WTG is a formalism that allows authorization and delegation relationships to be modelled.One of the mayor advantages of WTG is that it allows users to define more complex policies and provides a graphical representation for them. Another difference from previous proposals is that in WTG, delegation statements are defined separately from authorization ones, so a delegation credential does not implicitly give authorization rights .
Moreover, we simulate an authorization and delegation system using knowledge based technology. This proposal is part of a visual tool that is intended to be an implementation of the theoretical model weighted trust graph (WTG) .
- "On the deployment of a real scalable delegation service",
Information Security Technical Report, vol. 12, no. 3, Elsevier, pp. 139-147, Jun 2007. DOI
This paper explains the evolution of the concept of delegation since its first references in the context of distributed authorization to the actual use as a fundamental part of a privilege management architecture. The work reviews some of the earliest contributions that pointed out the relevance of delegation when dealing with distributed authorization, in particular we comment on PolicyMaker and Keynote, and also on SDSI/SPKI. Then, we elaborate on Federation as a particular case of delegation, and remark the importance given to federation by the industry. Finally, the paper discusses about privilege management infrastructures, introducing a new mechanism to extend their functionality using advanced delegation services.
- Citekey not found
- "A Representation Model of Trust Relationships with Delegation Extensions",
3th International Conference on Trust Management (iTRUST’05), LNCS 3477, Springer, pp. 9-22, May, 2005. DOI
Logic languages establish a formal framework to solve authorization and delegation conflicts. However, we consider that a visual representation is necessary since graphs are more expressive and understandable than logic languages. In this paper, and after overviewing previous works using logic languages, we present a proposal for graph representation of authorization and delegation statements. Our proposal is based on Varadharajan et al. solution, though improve several elements of that work. We also discuss about the possible implementation of our proposal using attribute certificates.
- "Implementation aspects of a delegation system",
3rd international conference on Mobile multimedia communications (MobiMedia ’07), ICST, pp. 50:1–50:6, 2007.
In this paper we simulate an authorization and delegation system using knowledge based technology. This proposal is part of a visual tool that is intended to be an implementation of the theoretical model weighted trust graph (WTG). A brief description of WTG Model and its associated tool is included in the text. In essence, the model is based on the inclusion of real numbers between zero and one in certificates to represent the trust level between the entities involved in them. This trust level is used to control delegation. Moreover, attributes from di_erent domains may be interrelated, so attribute delegation is also taken into account. The proposed Simulation Engine supports one directional and bidirectional search algorithms.