A Policy Engineering Framework for Federated Access Management
Rafae Bhatti - Purdue University
Mar 01, 2006Size: 159.2MB
Download: MP4 Video
Watch in your Browser Watch on YouTube
AbstractFederated systems are an emerging paradigm for information sharing and integration. Such systems require access management policies that not only protect user privacy and resource security but also allow scalable and seamless interoperation. Current solutions to distributed access control generally fail to simultaneously address both dimensions of the problem. This talk describes the design of a policy-engineering framework, called xFederate, for specification and enforcement of access management policies in federated systems. It has been designed from the perspectives of both security management and software engineering to not only allow specification of requirements for federated access management but also allow development of standardized policy definitions and constructs that facilitate policy deployment and enforcement in a federated system. The framework also includes the design of an administrative model targeted at access control policy administration in a decentralized environment. Two profiles of the policy language, namely a SAML profile and a WS-Policy profile, have been developed to integrate the framework with industry standards for federation and policy-based management in the emerging Web services paradigm. The talk will include an online demo of a research prototype that illustrates the use of xFederate as an enabling technology for secure Web services with applications in federated digital libraries and federated electronic healthcare management.
About the SpeakerRafae Bhatti is a PhD candidate in the Department of Electrical and Computer Engineering and affiliated with the Center for Education and Reserach in Information Assurance and Security (CERIAS) at Purdue University. His research interests include information systems security, with emphasis on design and administration of access management policies in distributed systems. In his M.S. thesis research at Purdue, he developed an XML-based policy specification framework for distributed access control. His PhD research focuses on the access management problems posed by the emerging federated paradigm of information sharing and collaboration, and on specification of XML-based security protocols for Web-based information systems. His work on XML-based access control framework for the Role Based Access Control (RBAC) model have recently been cited by the OASIS consortium in their official announcement of the RBAC standard.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.