2006 | OriginalPaper | Buchkapitel
O2O: Virtual Private Organizations to Manage Security Policy Interoperability
verfasst von : Frédéric Cuppens, Nora Cuppens-Boulahia, Céline Coma
Erschienen in: Information Systems Security
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
Nowadays, the interaction between systems is absolutely essential to achieve business continuity. There is a need to exchange and share services and resources. Unfortunately, this does not come without security problems. The organizations (companies, enterprizes, etc.) have to manage accesses to their services and resources by external opponents. O2O is a formal approach we suggest in this paper to deal with access control in an interoperability context. It is based on two main concepts:
Virtual Private Organization
(VPO) and Role Single-Sign On (RSSO). A VPO enables any organization undertaking an inter-operation with other organizations to keep control over the ressources accessed during the interoperability phases. The RSSO principle allows a given subject to keep the same role when accessing to another organization but with privileges defined in the VPO. Thus, using O2O, each organization can define and enforce its own secure interoperability policy. O2O is integrated in the OrBAC model (Organization based access control).