Hui-Lan Lu

On dynamic access control in Web 2.0 and beyond: Trends and technologies

The Web in the Internet today—especially when it comes to the Internet of Things and cloud computing—is the Web of resources. A photo album, an appointment calendar, a telephone bill, a health record are all resource examples, listed here in the increasing order of expected privacy protection. A few properties of these resources define the roles of three major actors: The resources belong to their owner, they are hosted by the service provider, and they increasingly need to be shared (say, to support mash-up) with consumers. Owners authorize consumers access to their resources, which providers then grant to the consumers upon authenticating them and checking for proper authorization. In the past, this was achieved by maintaining an access control list for each resource at the service provider. Typically, such a list specifies all consumers along with their privileges. Emerging trends in social networking and cloud computing require elasticity, or, in other words, the ability to grant resource access to new consumers on the fly. Naturally, this comes with ever-increasing requirements for privacy, which dictate strong authentication of all actors involved as well as cryptographic protection of the involved communication sessions. We share the industry expectation that the technology that solves the above problem will be a major enabler for applications based on technologies that range from social networking, to video-on-demand, to health care, to smart metering, and—especially—to cloud computing. This paper reviews the state-of-the-art technologies, including the emerging Open Authorization Protocol (OAuth) 2.0, and presents our own solution in this space, which removes an intermediary and gives the owner of a resource immediate control over defining access to that resource.

Overview of data and telecommunications security standardization efforts in ISO, IEC, ITU, and IETF

With the continuing growth of data communications — and especially the Internet and its integration with telecommunications — security matters have become increasingly important. In particular, the development of high-speed packet data communications over air interfaces and their folding into the overall converged networks present an ever increasing set of security issues for major network providers and for enterprise (information technology) environments as well. International and national standards bodies have thus focused on a broad range of subjects applicable to security. Over time, these major standards bodies have become interdependent. In this paper, we address the major efforts of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) through Joint Technical Committee 1 (JTC 1) and also the efforts of the International Telecommunication Union (ITU) and the Internet Engineering Task Force (IETF). We undertake specifically to explain the interdependence of efforts undertaken by these organizations, whose work defines the direction in the international data and telecommunications security standards in a significant way.

The emerging resource and admission control function standards and their application to the new triple-play services

The next-generation network (NGN) is characterized by, among other characteristics, the prevalent use of the Internet Protocol (IP) for end-to-end packet transfer. In contrast to todays specialized networks optimized for specific applications, NGN is a general multiservice network that must meet a wide range of application performance needs and security requirements. The key to fulfilling this complex duty is a dynamic, policy-based resource management framework, known as the Resource and Admission Control Functions (RACF). This paper discusses the relevant standardization efforts and provides a vision for the future work in the International Telecommunication Union (ITU), 3rd Generation Partnership Projects (3GPP∗ and 3GPP2), Internet Engineering Task Force (IETF), and European Telecommunications Standards Institute (ETSI). The discussion is illustrated by the applications of the RACF architecture to the new triple-play services: high-speed Internet, IP television (video on demand or regular broadcasts), and telephone service over a single broadband connection.