Rafae Bhatti - Purdue University
"A Policy Engineering Framework for Federated Access Management"
Mar 01, 2006Download: MP4 Video Size: 159.2MB
Watch on YouTube
AbstractFederated systems are an emerging paradigm for information sharing and integration. Such systems require access management policies that not only protect user privacy and resource security but also allow scalable and seamless interoperation. Current solutions to distributed access control generally fail to simultaneously address both dimensions of the problem. This talk describes the design of a policy-engineering framework, called xFederate, for specification and enforcement of access management policies in federated systems. It has been designed from the perspectives of both security management and software engineering to not only allow specification of requirements for federated access management but also allow development of standardized policy definitions and constructs that facilitate policy deployment and enforcement in a federated system. The framework also includes the design of an administrative model targeted at access control policy administration in a decentralized environment. Two profiles of the policy language, namely a SAML profile and a WS-Policy profile, have been developed to integrate the framework with industry standards for federation and policy-based management in the emerging Web services paradigm. The talk will include an online demo of a research prototype that illustrates the use of xFederate as an enabling technology for secure Web services with applications in federated digital libraries and federated electronic healthcare management.
About the Speaker
Rafae Bhatti is a PhD candidate in the Department of Electrical and Computer Engineering and affiliated with the Center for Education and Reserach in Information Assurance and Security (CERIAS) at Purdue University. His research interests include information systems security, with emphasis on design and administration of access management policies in distributed systems. In his M.S. thesis research at Purdue, he developed an XML-based policy specification framework for distributed access control. His PhD research focuses on the access management problems posed by the emerging federated paradigm of information sharing and collaboration, and on specification of XML-based security protocols for Web-based information systems. His work on XML-based access control framework for the Role Based Access Control (RBAC) model have recently been cited by the OASIS consortium in their official announcement of the RBAC standard.
Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52 (Suite 050B), West Lafayette Campus. More information...