Context Based Enforcement of Authorization for Privacy and Security in Identity Management

  • Vasu Alaga
  • Kaiyu Wan
Part of the The International Federation for Information Processing book series (IFIPAICT, volume 261)

Protecting the identity of an individual is a shared responsibility between the individual, the organizations with whom the individual will be transacting during her life time, and the state of which the individual is a legal resident. Identity theft occurs when someone uses an individual’s personal information without the knowledge of the individual to commit a crime, such as fraud or theft. Of late identity theft has become one of the fastest growing crimes, not only in western countries but also in developing countries where internet dominates business, financial transactions of big organizations, and social activities of individuals. In this paper we discuss a context based enforcement of authorization to protect the privacy of individuals and secure information about them stored in large identity management systems.


Security Policy Identity Management Context Condition Security Condition Atomic Action 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    E. Bertino, E. Ferrari, V. Atluri, “A Flexible Model for the Specification and Enforcement of Role-Based Authorizations in Workflow Management Systems,” In Proceedings of the 2nd ACM Workshop on Role-Based Access Control (RBAC-97), ACM Press, New York, 1997, pp. 6-7.Google Scholar
  2. 2.
    S. Claußand M. Köhntopp. Identity management and its support of multilateral security. Computer Networks, 37 (2001), 205-219.CrossRefGoogle Scholar
  3. 3.
    N. Damianou, N. Dulay, E. Lupu, and M. Solomon. The Ponder Policy Specification Lan-guage. Proceedings Policy 2001: Workshop on Policies for Distributed Systems and Net-works, Bristol, UK, 29-31, Jan. 2001.Google Scholar
  4. 4.
    J. DeTreville. Binder, a logic-based security language. Proceedings of the 2002 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, May 2002, 105-113.Google Scholar
  5. 5.
    R. Ortalo. A Flexible Method for Information System Security Policy Specification. Proceedings of 5th European Symposium on Research in Computer Security, 1998. Louvain-la-Neuve, Belgium, Springer-Verlag.Google Scholar
  6. 6.
    J. Rumbaugh, et al: The Unified Modeling Language Reference Manual, Addison-Wesley.Google Scholar
  7. 7.
    Kaiyu Wan, Vasu Alagar. Security Contexts in Autonomic Computing Systems. In Proceedings of Proceedings of 2006 International Conference on Computational Intelligence and Security (CIS2006), November 03-06, 2006, Guangzhou, PRC, page 1523-1527. (also to appear in Lecture Notes in Artificial Intelligence)Google Scholar
  8. 8.
    Fighting Back Against Identity Theft-U.S. Federal Trade Commission.
  9. 9.
    Identity Theft: What is it and What you can do about it?, Office of the Privacy Commissioner of Canada,
  10. 10.
    EuropeanConference”Maintainingtheintegrityofidentitiesandpayments:Twochallengesforfraudprevention”. home/news/information dossiers/conference integrity/index en.htm/Google Scholar

Copyright information

© International Federation for Information Processing 2008

Authors and Affiliations

  • Vasu Alaga
    • 1
  • Kaiyu Wan
    • 2
  1. 1.Concordia UniversityCanada
  2. 2.East China Normal UniversityChina

Personalised recommendations