Óscar Cánovas, Antonio F. Gómez‐Skarmeta, Gabriel López and Manuel Sánchez
Abstract
Purpose
This paper seeks to present an overview and some preliminary results of the DAMe project. The main goal of this project was to define a unified authentication and authorisation system for federated services hosted in the eduroam network.
Design/methodology/approach
This paper presents the main initiatives and technologies related to the DAMe project and some first designs that show how the main goals are already being achieved.
Findings
At present, there are several activities of DAMe in progress, such as the design and implementation of a multiplatform PEAP supplicant, the middleware for managing the SSO tokens and the design of new common services for eduGAIN.
Originality/value
This paper is based on results from the DAMe project and the knowledge of the authors and will be of interest to those in the same field.
Antonio Ruiz‐Martínez, Óscar Cánovas and Antonio F. Gómez‐Skarmeta
Abstract
Purpose
This paper aims to present a viable approach for designing and implementing a generic per‐fee‐link framework. It also aims to design this framework to be used with any payment protocol and test it with two existing ones.
Design/methodology/approach
The paper presents a per‐fee‐link framework based on several generic components. These components have been developed and tested in order to prove the viability of the proposed framework.
Findings
The results show that it is possible to establish a per‐fee‐link framework. Four core components are defined: first, the different modules needed for browsers and web servers; second, an extended payment protocol (EPP), which negotiates the payment protocol to use and encapsulates its related messages; third, an API for e‐wallets, which is independent of the payment protocol, to incorporate the protocols to use with EPP; and finally, the definition of a per‐fee‐link that associates payment information to a link.
Practical implications
The framework presented shows a uniform way of using payment protocols that can increase the trust of end users. Furthermore, it has been developed and tested.
Originality/value
The contribution describes the components needed for supporting the framework. Its feasibility has been checked through an implementation and it facilitates the payment for content on the web. Thus, content providers can obtain an alternative revenue source to advertisement or subscription. Furthermore, developers, vendors and customers can see that the incorporation of payment protocols to the system is facilitated. Finally, the users obtain a uniform way to make payments that increases the perception of trust.
Gregorio Martínez Pérez, Félix J. García Clemente and Antonio F. Gómez Skarmeta
Abstract
Purpose
The purpose of the paper is to provide a two‐tier framework for managing semantic‐aware distributed firewall policies to be applied to the devices existing in one administrative domain.
Design/methodology/approach
Special attention is paid to the CIM‐based information model defined as the ontology to be used in this framework and the AI‐based reasoning mechanisms and components used to perform the conflict discovery tasks over the distributed firewall policies.
Findings
The mechanisms presented allow solving some of the current issues of the network‐centric security model being used in the Internet. The two‐tier framework designed provides semantic‐aware mechanisms to perform conflict detection and automatic enforcement of policy rules in the distributed firewall scenario. This framework is based on the use of a standard information model and a semantic‐aware policy language to formally define (and then process) firewall policies.
Research limitations/implications
Ongoing work is focused on identifying all kinds of conflicts and anomalies that may exist in firewall systems; in parallel to this task, a semi‐automatic resolver of conflicting policies is currently under design.
Practical implications
Network and security administrators can specify firewall policies and validate them to find syntactic and semantic errors (i.e. policy conflicts). A framework for automated validation and distribution of policies at different levels is included. This ensures that firewall policies produce the desired effects, facilitating the creation and maintenance of firewall rules in one administrative domain.
Originality/value
A practical and novel two‐tier system that provides detection of conflicts in rules existing in a distributed firewall scenario and the automatic and secure deployment of these rules. A packet‐filtering model, which is simple and powerful enough for the conflict discovery and rule analysis processes, has been proposed. Moreover, ontology and rule reasoning are being proposed as techniques for the conflict detection problem in this particular scenario.