EPSRC Reference: GR/S69061/02
Title: Distributed Programmable Authorisation (DPA)
Principal Investigator: Chadwick, Emeritus Professor DW
Other Investigators:
Researcher Co-Investigators:
Project Partners:
Department: Sch of Computing
Organisation: University of Kent
Scheme: Standard Research (Pre-FEC)
Starts: 01 March 2005
Ends: 31 August 2006
Value (£): 154,477
EPSRC Research Topic Classifications: Networks & Distributed Systems
EPSRC Industrial Sector Classifications:
Related Grants:
Panel History:

Summary on Grant Application Form
Programmable policy-based access control decision engines are now available. They are used to control access to a single resource (or a domain of resources) that are all controlled by the same (low-level) policy. The purpose of this research is to determine how to control access to multiple resources in different management domains that are participating in a distributed application or programmable network. The distributed system will be governed by its own high-level authorisation policy, and this must be mapped down into the set of low-level policies needed for all the participating resources. We will define the rules for how the high-level authorisation policy language can be mapped into an existing low-level authorisation policy language such as the OASIS XACML language, which is a standard for policies controlling access to a single domain. We will then build a reasoning policy compiler that will automatically output the set of lower-level policies given a high-level policy. We will also build a user-friendly administrative tool for creating the high-level authorisation policies. We will determine and build the best way to propagate the low-level policies in a trusted way to the resources that they will control access to, and determine and build the best way to implement low-level dependent decision making. The latter may occasionally be needed when a resource needs to make an access control decision that depends upon previous access control decisions taken at other local resources whilst the distributed system has been running. We will also need to make the authorisation infrastructure dynamic, so that it can automatically cater for new subjects and resources entering the system, and existing ones retiring from the system. Finally, we will integrate all the above into the existing PERMIS low-level authorisation infrastructure, pilot it with another EPSRC project, and release it publicly via the US NMI software release. The cost of the project is 181,000.

Key Findings
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk

Potential use in non-academic contexts
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk

Impacts
Description: This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Summary:
Date Materialised:

Sectors submitted by the Researcher
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk

Project URL:
Further Information:
Organisation Website: http://www.kent.ac.uk