A Policy Engineering Framework for Federated Access Management
Tech report number
CERIAS TR 2006-13
Abstract
Federated systems are an emerging paradigm for information sharing and integration. Such systems require access management policies that not only protect user privacy and resource security but also allow scalable and seamless interoperation. Current solutions to distributed access control generally fail to simultaneously address both dimensions of the problem. This work describes the design of a policy-engineering framework, called X-FEDERATE, for specification and enforcement of access management policies in federated systems. It has been designed from the perspectives of both security management and software engineering to not only allow specification of requirements for federated access management but also allow development of standardized policy definitions and constructs that facilitate policy deployment and enforcement in a federated system. The framework comprises an access control language specification that is an extension of the well-accepted Role Based Access Control (RBAC) standard. The language extends RBAC to incorporate various essential features for federated access management. The framework also includes the design of an administrative model targeted at access control policy administration in a decentralized environment. The framework has been implemented as a research prototype that illustrates the use of X-FEDERATE as an enabling technology for secure Web-based federation with applications in federated digital libraries and federated electronic healthcare management.
Key alpha
access control, policy based management, federated systems
Organization
Purdue University
Publication Date
2001-01-01