Abstract: The present description refers in particular to a method, a system, and a computer program product for access control using resource filters for a strict separation of application and security logic. The computer-implemented method for access control may include receiving at least one access request to at least one resource from an application; providing a resource hierarchy for the at least one resource, the resource having at least one resource class, wherein the resource hierarchy is defined in a single resource; providing a policy comprising at least one access control rule for accessing at least one element of the at least one resource class; verifying the at least one access request based on the policy through an authorization service; and processing the at least one access request through a service interface.

Abstract: Performing an untraceable secret matching between a first credential associated with a first property of a first user and a second credential associated with a second property of a second user includes receiving the first credential, receiving a matching reference formed so the first user can detect a matching of the first property with a remote property from a credential of another user, supplying a first nonce value to the second user, receiving a hidden version of the second credential from the second user formed by the second user on the basis of the second credential, the first nonce value supplied by the first user and a random value locally generated on a side of the second user, and performing the matching by combining the first credential and the received hidden credential with the first nonce value and comparing the combination with the matching reference.

Abstract: Performing an untraceable secret matching between a first credential associated with a first property of a first user and a second credential associated with a second property of a second user includes receiving the first credential, receiving a matching reference formed so the first user can detect a matching of the first property with a remote property from a credential of another user, supplying a first nonce value to the second user, receiving a hidden version of the second credential from the second user formed by the second user on the basis of the second credential, the first nonce value supplied by the first user and a random value locally generated on a side of the second user, and performing the matching by combining the first credential and the received hidden credential with the first nonce value and comparing the combination with the matching reference.

Abstract: The present description refers in particular to a method, a system, and a computer program product for access control using resource filters for a strict separation of application and security logic. The computer-implemented method for access control may include receiving at least one access request to at least one resource from an application; providing a resource hierarchy for the at least one resource, the resource having at least one resource class, wherein the resource hierarchy is defined in a single resource; providing a policy comprising at least one access control rule for accessing at least one element of the at least one resource class; verifying the at least one access request based on the policy through an authorization service; and processing the at least one access request through a service interface.