The Authorization Service of Tivoli Policy Director
نویسنده
چکیده
This paper presents the Authorization Service provided by Tivoli Policy Director (PD) and its use by PD family members as well as third-party applications. Policies are defined over an object namespace and stored in a database, which is managed via a management console and accessed through an Authorization API. The object namespace abstracts from heterogeneous systems and thus enables the definition of consistent policies and their centralized management. ACL inheritance and delegated management allow these policies to be managed efficiently. The Authorization API allows applications with their own access control requirements to decouple authorization logic from application logic. By intercepting the traffic over well-defined communication protocols (TCP/IP, HTTP, IIOP, and others), PD familiy members establish a single entry point to enforce enterprise policies that regulate access to corporate data.
منابع مشابه
Authorization Framework for Service Oriented Architecure
Setting up secure application architecture is very challenging. The Service Oriented Architecture design allows and requires centrally manageable security services, among them the authorization service is the key to build model based security infrastructure. Although the theory of different security models are well-known, the definition and coding of the authorization rules are not complicated,...
متن کاملAccess control in ultra-large-scale systems using a data-centric middleware
The primary characteristic of an Ultra-Large-Scale (ULS) system is ultra-large size on any related dimension. A ULS system is generally considered as a system-of-systems with heterogeneous nodes and autonomous domains. As the size of a system-of-systems grows, and interoperability demand between sub-systems is increased, achieving more scalable and dynamic access control system becomes an im...
متن کاملA Policy-Based Authorization System for Web Services: Integrating X-GTRBAC and WS-Policy
Authorization and access control in Web services is complicated by the unique requirements of the dynamic Web services paradigm. Amongst them is the requirement for a context-aware access control specification and a processing model to apply fine-grained access control on various components of a Web service. In this paper, we address these two requirements and present a policy-based authorizati...
متن کاملQuality of Service Authentication, Authorization and Accounting
Proper authorization is essential for a QoS signaling protocol. The policy control of future QoS signaling solutions is expected to make use of existing AAA infrastructure for computing the authorization decision. In this paper, we point to two approaches for QoS authorization (based on COPS and Diameter) and present possible extensions and directions for future work.
متن کاملAn Effective Modality Conflict Model for Identifying Applicable Policies During Policy Evaluation
Policy evaluation is a process to determine whether a request submitted by a user satisfies the access control policies defined by an organization. Modality conflict is one of the main issues in policy evaluation. Existing modality conflict detection approaches do not consider complex condition attributes such as spatial and temporal constraints. An effective authorization propagation rule is n...
متن کامل