1. PRIME Concepts used in BluES’n Demonstration and Briefing Meeting 17/18 November 2005 in Dresden

2. www.blues-portal.de PRIME concepts used in BluES'n Client / Server communication Access control based on policies and on credentials usage of the sanitization enhancement Context management management / switching partial identities (and thus pseudonyms of a context)

3. www.blues-portal.de Communication using PRIME Any BluES'n client/server communication use the PRIME IPv1 infrastructure BluES'n communicates by „value objects“ contains the application specific data resources like structures, texts, pictures, etc... serialized by client/server layer of BluES'n transferred by PRIME responsible for secure transfer (encryption,... ) de serialized by client/server layer of BluES'n

4. www.blues-portal.de Access control by access control list (ACL) or capability ? Traditional Each user gets an unique login Associated roles (in general: membership in groups) Access control is based on these logins/roles/groups (ACL) bad: actions of a user can be tracked and linked user is well known by the system, because of his unique login Well, we don't want unique user logins! but we want to be able to restrict access, where necessary concept: binding rights to resources of the user to the user! using policies & credentials of PRIME (like a capability system)

5. www.blues-portal.de Server side access control |1 Credentials certified values of data BluES'n server issues credentials to the owner/creator of resources Server side access control policies access rules to resources (in RDF) --> subject, object, condition ( any_body, BluES'n specific resource ID, credential is required) access types to resources: (read), write, add, remove no granting of rights to other users implemented (will be!)

6. www.blues-portal.de Server side access control |2