Data e-Infrastructure Policy-oriented Security Facilities
From Gcube Wiki
Revision as of 16:51, 27 February 2012 by Ciro.formisano
Overview
Policy Based Access Control is a very flexible approach that evaluates policies based on different kinds of attributes in order to grant or deny access to a resource.
The whole process consists of three atomic operations:
- to establish who can do what
- to grant or deny the permissions
- to guarantee that rules are followed
As a consequence, a Policy Oriented Security Module provides the following functions:
- policies definition
- decision
- enforcement
GCube Policy Oriented Security Facilities allow these operations to be performed easily and intuitively.
Key Features
- Policy Definition Portlet
  - A portlet for creating, reading, updating and deleting policies
- XACML based Authorization System
  - Composed of a Policy Administration Point, a Policy Decision Point and a Policy Enforcement Point
- Dynamic user attributes
  - Policies are based on roles and on dynamic attributes, e.g. the maximum number of accesses made by the user
- Context attributes
  - An advanced Policy Information Point makes it possible to use policies that are also based on context attributes, such as date and time
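How the Policy Administration, Decision, Enforcement and Information Points listed above fit together, as an added example that is not code from the GCube project. All class and function names, the dict standing in for the PAP store, and the sample policy (role, access-count limit, time window) are assumptions, and rule combination is a simplified deny-overrides rather than XACML's full combining algorithm.

```python
from datetime import datetime, time

PERMIT, DENY, NOT_APPLICABLE, INDETERMINATE = "Permit", "Deny", "NotApplicable", "Indeterminate"

class PIP:
    """Policy Information Point: supplies dynamic (access count) and context (time) attributes."""
    def __init__(self, clock):
        self.clock, self.access_count = clock, {}
    def attributes(self, user):
        return {"access_count": self.access_count.get(user, 0), "now": self.clock().time()}

class PDP:
    """Policy Decision Point: simplified deny-overrides over (effect, condition) rules."""
    def __init__(self, pap, pip):
        self.pap, self.pip = pap, pip  # pap: dict resource -> rules, stands in for the PAP store
    def decide(self, user, roles, resource):
        attrs = {"roles": set(roles), **self.pip.attributes(user)}
        decision = NOT_APPLICABLE      # unknown resource or no matching rule
        try:
            for effect, condition in self.pap.get(resource, []):
                if condition(attrs):
                    if effect == DENY:
                        return DENY    # any matching Deny rule wins
                    decision = PERMIT
        except Exception:
            return INDETERMINATE       # a rule could not be evaluated
        return decision

class PEP:
    """Policy Enforcement Point: only an explicit Permit opens the resource."""
    def __init__(self, pdp, pip):
        self.pdp, self.pip = pdp, pip
    def access(self, user, roles, resource):
        decision = self.pdp.decide(user, roles, resource)
        if decision == PERMIT:         # count only the accesses actually granted
            self.pip.access_count[user] = self.pip.access_count.get(user, 0) + 1
        return decision == PERMIT, decision

def build_demo(clock=datetime.now, max_accesses=3):
    """Constructed policy: analysts may use 'dataset' 08:00-18:00, at most max_accesses times."""
    pap = {"dataset": [
        (PERMIT, lambda a: "analyst" in a["roles"]),
        (DENY, lambda a: a["access_count"] >= max_accesses),
        (DENY, lambda a: not time(8) <= a["now"] < time(18)),
    ]}
    pip = PIP(clock)
    return PEP(PDP(pap, pip), pip)
```

The PEP treats NotApplicable and Indeterminate the same as Deny, so a missing policy or a rule that fails to evaluate never results in access.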
Subsystems
GCube Policy Oriented Security Facility is composed of the following subsystems: