Automating Identity Management and Access Control
Abstract
The problem that we address is the inability of businesses to correctly and completely specify what an automated Identity Management and Access Control (IMAC) solution must do within their organisation. This paper reports on experiments with a tool that, from a given set of business rules, generates a functional specification as well as code for a software component that provably enforces each rule. This tool allows a business architect to experiment with different sets of IMAC rules (policies) so as to find the most appropriate set of rules for the business context. Creating a demo around the generated software component provides hands-on proof to the business that they can understand. New to our work is the use of relation algebra, which provides a way to build and prove IMAC policies simultaneously. On a larger scale, this approach may help to solve cross-domain identity issues, e.g. between governmental organizations.
Similar resources
Radio Frequency Identification
DEFINITION Radio Frequency Identification (RFID) exists as a distinct subset of the larger family of automated identification technologies that includes things like bar codes, visual scanning devices and biometric readers. RFID is a means of automated identification that features electronic tags used both to store data and to act as transponders for sending the stored data as the payload in ele...
Federated Access Control and Workflow Enforcement in Systems Configuration
Every organization with more than a few system administrators has policies in place. These policies define who is allowed to change what aspects of the configuration of a computer infrastructure. Although many system configuration tools are available for automating configuration changes in an infrastructure, very little work has been done to enforce the policies dealing with access control and w...
Automating Periodic Role-Checks - A Tool-based Approach
The use of roles in Identity Management has proven to be a solution for reorganising and securing the access structures of organisations. One critical challenge companies face after they implemented roles is the maintenance of the role system itself. This includes sophisticated duties like periodically verifying the valid roles. We argue that due to the high complexity, periodic role-checks need...
Evaluation of Unified Security, Trust and Privacy Framework (UnifiedSTPF) for Federated Identity and Access Management (FIAM) Mode
Federated identity and access management systems such as Shibboleth may symbolize a boost: (i) to bring the efficiency and effectiveness in collaboration for governments, enterprises and academia, and (iii) conserve the home domain user's identity privacy in a privacy-enhanced fashion. However, the consternation is about the absence of a trusted computing based mutual trust and security es...
Federated Privileged Identity Management for Break-the-Glass: A Case Study with OpenAM
As next generation health monitoring and Ambient Assisted Living applications are opening up towards a variety of stakeholders and platforms, enforcing secure and reliable access to patient data by authorized users − anytime and anywhere − is paramount. However, static access control policies do not offer the flexibility to deal with unanticipated emergency situations where access to patient in...
Publication date: 2007