Publication Entry

[Back]

Talks and Poster Presentations (with Proceedings-Entry):

M. Jung, G. Kienesberger, W. Granzer, M. Unger, W. Kastner:
"Privacy enabled Web service access control using SAML and XACML for home automation gateways";
Talk: 6th International Conference for Internet Technology and Secured Transactions, Abu Dhabi; 2011-12-11 - 2011-12-14; in: "Proceedings of the 6th International Conference for Internet Technology and Secured Transactions", IEEE, (2011), 584 - 591.

English abstract:

A recent trend in home automation are gateways that offer a Web service based Application Programming Interface (API) to access an underlying home automation system. Due to the ease of use and the interoperability of Web services numerous use cases can be found for third party applications using such APIs. Smart homes allow to control nearly every aspect of living within a building, which also imposes great security and privacy concerns. Therefore this paper contributes a generic access control concept for Web service based APIs using
the Security Assertion Markup Language and the Extensible Access Control Markup Language. This concept allows a user to securely authorize the access of third party applications to the home automation system in order to protect privacy and to ensure security. The access control concept is generic since no API change is required leaving the service provider and service consumer untouched.

German abstract:

A recent trend in home automation are gateways that offer a Web service based Application Programming Interface (API) to access an underlying home automation system. Due to the ease of use and the interoperability of Web services numerous use cases can be found for third party applications using such APIs. Smart homes allow to control nearly every aspect of living within a building, which also imposes great security and privacy concerns. Therefore this paper contributes a generic access control concept for Web service based APIs using
the Security Assertion Markup Language and the Extensible Access Control Markup Language. This concept allows a user to securely authorize the access of third party applications to the home automation system in order to protect privacy and to ensure security. The access control concept is generic since no API change is required leaving the service provider and service consumer untouched.

Keywords:

Home automation, Web services, access control

Electronic version of the publication:

http://publik.tuwien.ac.at/files/PubDat_203816.pdf

Related Projects:

Project Head Wolfgang Kastner:
Smart Grid Modellregion Salzburg - Konzeption eines Informationsmodells für webbasierten Zugriff auf Smart Grid Daten