Infrastructure-based Mediation for Enforcement of Policies in Composed and Federated Applications
نویسنده
چکیده
By design, a federated “system of systems” application offers limited control over the components and services that it is built upon. However, as the application evolves, there will be changes required to the components and services that comprise the application. As these services are likely to support multiple federated applications, not all will evolve in the same manner. It is essential to limit the scope of change resulting from this application coupling. We see the separation of “policy enforcement” from core application logic as a mechanism to better decouple federated applications. Such separation can allow policy to evolve without impacting other applications or the core services, and allow the components to evolve and still be subject to the same policy.
منابع مشابه
Federated Access Control and Workflow Enforcement in Systems Configuration
Every organization with more than a few system administrators has policies in place. These policies define who is allowed to change what aspects of the configuration of a computer infrastructure. Althoughmany system configuration tools are available for automating configuration changes in an infrastructure, very little work has been done to enforce the policies dealing with access control and w...
متن کاملA Hybrid PKI Model with an Application for Secure Mediation
For distributed computing systems, specification and enforcement of permissions can be based on a public key infrastructure which deals with public keys for asymmetric cryptography. We review previous approaches and classify them as based on trusted authorities with licencing and dealing with free properties (characterizing attributes including identities), e.g. X.509, or based on owners with d...
متن کاملA Policy Engineering Framework for Federated Access Management
Bhatti, Rafae A. Ph.D., Purdue University, May, 2006. A Policy Engineering Framework for Federated Access Management. Major Professor: Arif Ghafoor. Federated systems are an emerging paradigm for information sharing and integration. Such systems require access management policies that not only protect user privacy and resource security but also allow scalable and seamless interoperation. Curren...
متن کاملEnforcing RBAC Policies over Data Stored on Untrusted Server (Extended Version)
One of the security issues in data outsourcing is the enforcement of the data owner’s access control policies. This includes some challenges. The first challenge is preserving confidentiality of data and policies. One of the existing solutions is encrypting data before outsourcing which brings new challenges; namely, the number of keys required to access authorized resources, efficient policy u...
متن کاملA POLICY - BASED ARCHITECTURE FOR VIRTUAL NETWORK EMBEDDING by FLAVIO ESPOSITO
Network virtualization is a technology that enables multiple virtual instances to coexist on a common physical network infrastructure. This paradigm fostered new business models, allowing infrastructure providers to lease or share their physical resources. Each virtual network is isolated and can be customized to support a new class of customers and applications. To this end, infrastructure pro...
متن کامل