|Deletions are marked like this.||Additions are marked like this.|
|Line 1:||Line 1:|
|Line 6:||Line 6:|
|Line 26:||Line 26:|
|Publications on this work are available in [:Ponder2Publications:Ponder2 Publications]||Publications on this work are available in [[Ponder2Publications|Ponder2 Publications]]|
Authorisation Framework in Ponder2
Ponder2 supports Authorisation Policies to control interactions between managed objects. The Ponder2 Authorisation Framework (PAF) introduces novel ideas on the granularity of control of authorization policies. In particular, in PAF authorisation policies can be uniformly specified and enforced for protecting both the subject and the target for a given action.
As the Figure above shows, PAF provides 4 policy enforcement points (PEP):
- PEP1 and PEP4 are used to enforce authorisation policies for the subject side
- PEP2 and PEP3 are used to enforce authorisation policies for the target side
By enforcing policies at PEP1, it becomes possible to specify authorisation policies that prevent subjects from performing actions that could be harmful for them or their domain(s), e.g. preventing a web browser sending a request to a blacklist webserver. Furthermore, enforcement of policies at PEP4 could prevent a subject from accepting a reply from an action that could threaten the integrity of the subject.
For the target side, PEP2 can be used to enforce traditional access control authorisation policies. Additionally, when authorisation policies are enforced at PEP3, it becomes possible to protect the privacy of the target that could be compromised when the result of an action contains information that should not be revealed (e.g., by applying an authorisation policy that filters out the sensitive data from the result).
PAF supports both negative and positive authorisation policies. When two or more policies of opposite sign apply to the same action modal conflicts may be introduced. For this reason, PAF provides a conflict resolution strategy (based on domain nesting precedence) that deals with such conflicts at runtime.
In the following, we will provide a more detailed description of the PAF and its capabilities by using several scenarios. Each scenario consists of a set of managed objects together with several authorisation policies to control the execution of the managed objects' actions. The scenarios can be downloaded and executed.
HospitalDomain contains a description of the case study that is used in all the scenarios.
BasicScenario introduces how to define basic authorisation policies.
AdvancedScenarios describes how to define more advanced policies and provides some details on the conflict resolution strategy that PAF uses.
Publications on this work are available in Ponder2 Publications