Title: Federated Authorization for SaaS applications
Authors: Decat, Maarten; Lagaisse, Bert; Joosen, Wouter #
Issue Date: 15-Feb-2012
Publisher: CEUR Workshop Proceedings
Host Document: Doctoral Symposium of ESSoS 12 vol:834 edition:1 pages:43-48
Conference: Doctoral Symposium of ESSoS 12 edition:1 location:Eindhoven, The Netherlands date:15 February 2012
Abstract: With Software-as-a-Service (SaaS), a centrally hosted web-based application is offered to a large number of customer organizations called tenants, each using multiple applications. The tenant and provider each work in their own authoritative and administrative domain, leading to a federated architecture and raising the bar for security and access control. Access control with SaaS applications is about protecting the tenant's data at the provider's side using the tenant's policies and user information. In current practice, however, all access control policies are evaluated at the provider's side, distributing and fragmenting the tenant's policies over the multiple applications it uses. Moreover, all necessary user information now has to be shared with the provider, resulting in the disclosure of confidential tenant data. Therefore, we propose the concept of federated authorization, a combination of externalized authorization and federated access control techniques whereby the tenant's access control policies are evaluated at the tenant's side using local data.
Publication status: published
KU Leuven publication type: IC
Appears in Collections: Informatics Section
# (joint) last author

Files in This Item:
File: paper9_essosds2012.pdf; Description: OA article; Status: Published; Size: 149Kb; Format: Adobe PDF
