ITEM METADATA RECORD
Title: Federated authorization for Software-as-a-Service applications
Authors: Decat, Maarten
Lagaisse, Bert
Van Landuyt, Dimitri
Crispo, Bruno
Joosen, Wouter
Issue Date: 9-Sep-2013
Publisher: Springer
Host Document: On the Move to Meaningful Internet Systems: OTM 2013 Conferences vol:8185 pages:342-359
Series Title: Lecture Notes in Computer Science
Conference: On the Move to Meaningful Internet Systems: OTM 2013 Conferences location:Austria date:9-13 September 2013
Abstract: Software-as-a-Service (SaaS) is a type of cloud computing in which a tenant rents access to a shared, typically web-based application hosted by a provider. Access control for SaaS should enable the tenant to control access to data that are located at the provider based on tenant-specific access control policies. To achieve this, state-of-practice SaaS applications provide application-specific access control configuration interfaces and as a result, the tenant policies are evaluated at the provider side. This approach does not support collaboration between provider-side and tenant-side access control infrastructures, thus scattering tenant access control management and forcing the tenant to disclose sensitive access control data. To address these issues, we describe the concept of federated authorization in which management and evaluation of the tenant policies is externalized from the SaaS application to the tenant. This centralizes tenant access control management and lowers the required trust in the provider. This paper presents a generic middleware architecture for federated authorization, describing required extensions to current policy languages and a distributed execution environment. Our evaluation explores the trade-off between performance and security and shows that federated authorization is a feasible and promising approach.
Publication status: published
KU Leuven publication type: IC
Appears in Collections:Informatics Section

Files in This Item:
File Description Status SizeFormat
81850342.pdf Published 439KbAdobe PDFView/Open

 


All items in Lirias are protected by copyright, with all rights reserved.

© Web of science