In order to ensure end user devices are healthy enough to gain access to the network, providers are making use of advanced network access control solutions, which propose an evaluation of configuration information (posture) about the device itself before providing access to the network. However, current solutions are focused on intra-domain scenarios, where… (More)
Network access control mechanisms constitute an increasingly needed service, when communications are becoming more and more ubiquitous thanks to some technologies such as wireless networks or mobile IP. This paper presents a particular scenario where access rules are based not only on the identity of the different users, but also on authorization data… (More)
The expansion of inter-organizational scenarios based on different authorization schemes involves the development of integration solutions allowing different authorization domains to share, in some way, protected resources. This paper analyzes different emerging technologies. On the one hand, we have two XML-based standards, the SAML standard, which is… (More)
Security is considered as a key service in IP networks. This is equally true for IPv4- and IPv6-based networks, and for them the IPsec protocol was defined to provide security at the network layer. IPsec can be used in different scenarios, being the VPN the most widely used. However, IPsec-based VPNs are experiencing important limitations mainly because… (More)
A proposed identity management framework provides privacy protection, by means of virtual identities, and cross-layer single sign-on for users who subscribe to multiple service and identity providers.
Hierarchical cross-certification fits well within large organizations that want their root CA to have direct control over all subordinate CAs. However, both Peer-to-Peer and Bridge CA cross-certification models suits better than the hierarchical one with organizations where a certain level of flexibility is needed to form and revoke trust relationships with… (More)
A recent European research project provides an ideal opportunity to migrate the Java-based UMU-PKI to IPv6 and build new security services over it. G enerally speaking, a public key infrastructure (PKI) is a set of hardware , software, people, and procedures needed to create, manage, store, distribute , and revoke public key certificates. With these in… (More)
In recent years, organizations are starting to demand a finer user access control in order to offer added-value services, while end users desire more control over their private information. Several approaches have been proved to be efficient in protecting basic scenarios. However, in scenarios requiring advanced features, such as advanced authorization… (More)