Object Security Attributes: Enabling Application-Specific Access Control in Middleware
On the Move to Meaningful Internet Systems, 2002 - DOA/CoopIS/ODBASE 2002 Confederated International Conferences DOA, CoopIS and ODBASE 2002
NeCoMan: Middleware for Safe Distributed-Service Adaptation in Programmable Networks
IEEE Distributed Systems Online
Attributed Based Access Control (ABAC) for Web Services
ICWS '05 Proceedings of the IEEE International Conference on Web Services
A Modular Access Control Service for Supporting Application-Specific Policies
IEEE Distributed Systems Online
Authorization Using the Publish-Subscribe Model
ISPA '08 Proceedings of the 2008 IEEE International Symposium on Parallel and Distributed Processing with Applications
Deploy, adjust and readjust: supporting dynamic reconfiguration of policy enforcement
Middleware'11 Proceedings of the 12th ACM/IFIP/USENIX international conference on Middleware
Deploy, adjust and readjust: supporting dynamic reconfiguration of policy enforcement
Proceedings of the 12th International Middleware Conference
The correct deployment and enforcement of expressive attribute-based access control (ABAC) policies in large distributed systems is a significant challenge. The enforcement of such policies requires policy-dependent collaborations between many distributed entities. In existing authorization systems, such collaborations are static and must be configured and verified manually by administrators. This approach does not scale to large and more dynamic application infrastructures in which frequent changes to policies and applications occur. As such, configuration mistakes or application changes might suddenly make policies unenforceable, which typically leads to severe service disruptions. We present a middleware for distributed authorization. The middleware provides a single administration point that enables the configuration and reconfiguration of application- and policy-dependent interactions between policy enforcement points (PEPs), policy decision points (PDPs) and policy information points (PIPs). Using lifecycle and dependency management, the architecture guarantees that configurations are consistent with respect to deployed policies and applications, and that they remain consistent as reconfigurations occur. Extensive performance evaluation shows that the runtime and configuration overhead of the middleware scale with the size and complexity of the infrastructure and that reconfigurations cause minimal disruption to the involved applications.