EPSRC logo

Details of Grant 

EPSRC Reference: GR/S69061/01
Title: Distributed Programmable Authorisation (DPA)
Principal Investigator: Chadwick, Emeritus Professor DW
Other Investigators:
Basden, Dr A
Researcher Co-Investigators:
Dr E Ball
Project Partners:
Department: Informatics Research Institute
Organisation: University of Salford
Scheme: Standard Research (Pre-FEC)
Starts: 01 April 2004 Ends: 28 February 2005 Value (£): 191,316
EPSRC Research Topic Classifications:
Networks & Distributed Systems
EPSRC Industrial Sector Classifications:
Communications
Related Grants:
Panel History:  
Summary on Grant Application Form
Programmable policy based access control decision engines are now available. They are used to control access to a single resource (or a domain of resources) that are all controlled by the same (low level) policy. The purpose of this research is to determine how to control access to multiple resources in different management domains that are participating in a distributed application or programmable network. The distributed system will be governed by its own high level authorisation policy, and this must be mapped down into the set of low level policies needed for all the participating resources. We will define the rules for how the high level authorisation policy language can be mapped into an existing low level authorisation policy language such as the OASIS XACML language, which is a standard for policies controlling access to a single domain. We will then build a reasoning policy compiler that will automatically output the set of lower level policies given a high level policy. We will also build a user friendly administrative tool for creating the high level authorisation policies. We will determine and build the best way to propagate the low level policies in a trusted way to the resources that they will control access to and determine and build the best way to implement low level dependent decision making. The latter may occasionally be needed when a resource needs to make an access control decision that depends upon previous access control decisions taken at other local resources whilst the distributed system has been running. We will also need to make the authorisation infrastructure dynamic, so that it can automatically cater for new subjects and resources entering the system, and existing ones retiring from the system. Finally we will integrate all the above into the existing PERMIS low level authorisation infrastructure, pilot it with another EPSRC project, and release it publicly via the US NMI software release. The cost of the project is 181,000.
Key Findings
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Potential use in non-academic contexts
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Impacts
Description This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Summary
Date Materialised
Sectors submitted by the Researcher
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Project URL:  
Further Information:  
Organisation Website: http://www.salford.ac.uk