Regulating Work in Digital Enterprises: A Flexible Managerial Framework
On the Move to Meaningful Internet Systems, 2002 - DOA/CoopIS/ODBASE 2002 Confederated International Conferences DOA, CoopIS and ODBASE 2002
Object Security Attributes: Enabling Application-Specific Access Control in Middleware
On the Move to Meaningful Internet Systems, 2002 - DOA/CoopIS/ODBASE 2002 Confederated International Conferences DOA, CoopIS and ODBASE 2002
An administration concept for the enterprise role-based access control model
Proceedings of the eighth ACM symposium on Access control models and technologies
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Using certified policies to regulate E-commerce transactions
ACM Transactions on Internet Technology (TOIT)
On shouting "Fire!": regulating decoupled communication in distributed systems
Proceedings of the ACM/IFIP/USENIX 2003 International Conference on Middleware
Generalized access control of synchronous communication
Proceedings of the ACM/IFIP/USENIX 2006 International Conference on Middleware
Regularity-based trust in cyberspace
iTrust'03 Proceedings of the 1st international conference on Trust management
Towards automatic update of access control policy
LISA'10 Proceedings of the 24th international conference on Large installation system administration
Generalized access control of synchronous communication
Middleware'06 Proceedings of the 7th ACM/IFIP/USENIX international conference on Middleware
CBSE'05 Proceedings of the 8th international conference on Component-Based Software Engineering
Hi-index | 0.00 |
This paper presents the Authorization Service provided byTivoli Policy Director (PD) and its use by PD family membersas well as third-party applications. Policies are definedover an object namespace and stored in a database, which ismanaged via a management console and accessed throughan Authorization API. The object namespace abstracts fromheterogeneous systems and thus enables the definition ofconsistent policies and their centralized management. ACLinheritance and delegated management allow these policiesto be managed efficiently. The Authorization API allows applicationswith their own access control requirements to de-coupleauthorization logic from application logic. By interceptingthe traffic over well-defined communication protocols(TCP/IP, HTTP, IIOP, and others), PD familiy membersestablish a single entry point to enforce enterprise policiesthat regulate access to corporate data.