A Policy Engineering Framework for Federated Access Management

Federated systems are an emerging paradigm for
information sharing and integration. Such systems
require access management policies that not only
protect user privacy and resource security but also
allow scalable and seamless interoperation. Current
solutions to distributed access control generally
fail to simultaneously address both dimensions of the
problem. This book describes the design of a policy
engineering framework, called X-FEDERATE, for
specification and enforcement of access management
policies in federated systems. The framework has been
designed from the perspectives of both security
management and software engineering to not only allow
specification of requirements for federated
access management but also allow development of
standardized policy definitions and constructs that
facilitate policy deployment and enforcement in a
federated system. The framework comprises of an
access control language specification that is an
extension of the well-accepted Role Based Access
Control (RBAC) standard. The language extends RBAC to
incorporate various essential features for federated
access management.

Autorentext
Rafae Bhatti received his PhD from Purdue University in 2006. Hisresearch focuses on information systems security and privacy. Hisdoctoral work has been cited by the OASIS industry consortiuminvolved in the development of security standards such as RBACand SAML. He has been a postdoc at IBM Almaden Research Centerand currently works at Oracle.

Klappentext
Federated systems are an emerging paradigm forinformation sharing and integration. Such systemsrequire access management policies that not onlyprotect user privacy and resource security but alsoallow scalable and seamless interoperation. Currentsolutions to distributed access control generallyfail to simultaneously address both dimensions of theproblem. This book describes the design of a policyengineering framework, called X-FEDERATE, forspecification and enforcement of access managementpolicies in federated systems. The framework has beendesigned from the perspectives of both securitymanagement and software engineering to not only allowspecification of requirements for federatedaccess management but also allow development ofstandardized policy definitions and constructs thatfacilitate policy deployment and enforcement in afederated system. The framework comprises of anaccess control language specification that is anextension of the well-accepted Role Based AccessControl (RBAC) standard. The language extends RBAC toincorporate various essential features for federatedaccess management.