Since TaToo will facilitate discovery and access of a wide range of environmental resources and web-based services we have to think about how security can be provided in such an environment. Some of those services or resources may require a registration or usage fee, may be subject to copyright or lawful restrictions or may not be available to the public for some reason (Dihé et.al, 2010).
A service provider who is willing to make non-public services discoverable, accessible and tag-able by TaToo should be offered the possibility to control who can do what with his services. But not only the external services and resources accessed by TaToo may require protection. Also the access to TaToo’s public services (e.g. tagging and search) must be regulated to prevent potential misuse.
TaToo services, especially those services having public interfaces and allowing manipulation meta-information have to be access controlled. Access control encompasses registration / management of identities (“users”), their authentication (“login”) and the enforcement of the access restrictions (authorisation).
Terms and Definitions