Presentation is loading. Please wait.

Presentation is loading. Please wait.

August 20, 2003 Slide 1 A Middleware Service for Policy Based Authorization Presentation at Nordunet 2003 by Roland Hedberg.

Published byBarrie Glenn Modified over 8 years ago

Similar presentations

Presentation on theme: "August 20, 2003 Slide 1 A Middleware Service for Policy Based Authorization Presentation at Nordunet 2003 by Roland Hedberg."— Presentation transcript:

1 Spocp@nordunet2003 August 20, 2003 Slide 1 A Middleware Service for Policy Based Authorization Presentation at Nordunet 2003 by Roland Hedberg

2 Spocp@nordunet2003 August 20, 2003 Slide 2 Why middleware services ? TODAY: The application portfolio of most corporations are a patchwork of independent systems. FUTURE: To efficiently build and integrate applications using a unified approach and a single platform for application development and integration.

3 Spocp@nordunet2003 August 20, 2003 Slide 3 Key benefits of middleware A common application programming/protocol interface across all platforms Shields from complexity Improve controllability, simpler administration Improve productivity, efficiency and service

4 Spocp@nordunet2003 August 20, 2003 Slide 4 Spocp Simple POlicy Control Pod Swedish/Norwegian development project Started 1 june 2002, will run at least until 31 May 2004 Will be used by the NyA and “Ladok på web” services Will be implemented as the authorization system at Stockholm university

5 Spocp@nordunet2003 August 20, 2003 Slide 5 Spocp – key features Built around a well defined rule syntax (S- expression), no specified semantics Should be possible to model almost any kind of policies Allows for the usage of external information services through 'boundary conditions' Can be placed as 'close' to the application as needed A positive answer can be ackompanied by additional information

6 Spocp@nordunet2003 August 20, 2003 Slide 6 Rule basics Everything that is not explicitly permitted is prohibited Only positive rules exists Every rule allows someone to do something No order between rules A request is granted if there is a rule in the rule database to which the query is a subset

7 Spocp@nordunet2003 August 20, 2003 Slide 7 Lessons learnt so far Sofar we have failed to find policies that can not be translated into S-expression. Seems to be fast enough for the applications tested Technology as usual only part of the game When the number of policies increases and is managed in a decentralized way it is essential that one can test whether the combined policies really expresses what they should. Tools for 'Post mortem' analysis necessary

Download ppt "August 20, 2003 Slide 1 A Middleware Service for Policy Based Authorization Presentation at Nordunet 2003 by Roland Hedberg."

Similar presentations

0 McLean, VA August 8, 2006 SOA, Semantics and Security.

0 McLean, VA August 8, 2006 SOA, Semantics and Security.
3rd Module: Information Systems Strategy and Planning:

3rd Module: Information Systems Strategy and Planning:
Software change management

Software change management
SPL/2010 Test-Driven Development (TDD) 1. SPL/2010 2.

SPL/2010 Test-Driven Development (TDD) 1. SPL/
Database Planning, Design, and Administration

Database Planning, Design, and Administration
Blogging at Memorial University Libraries The what, the why, the how, the who.

Blogging at Memorial University Libraries The what, the why, the how, the who.
BI 4.0 - Web Intelligence 4.0. Business Challenges Incorrect decisions based on inadequate data Lack of Ad hoc reporting and analysis Delayed decisions.

BI Web Intelligence 4.0. Business Challenges Incorrect decisions based on inadequate data Lack of Ad hoc reporting and analysis Delayed decisions.
SOFTWARE TESTING. INTRODUCTION  Software Testing is the process of executing a program or system with the intent of finding errors.  It involves any.

SOFTWARE TESTING. INTRODUCTION  Software Testing is the process of executing a program or system with the intent of finding errors.  It involves any.
Www.sungard.com/insurance From Process to Data through Services Ric Gingell Chief Architect Amarta Thursday September 1 st, 2005 VLDB 2005 Trondheim.

From Process to Data through Services Ric Gingell Chief Architect Amarta Thursday September 1 st, 2005 VLDB 2005 Trondheim.
Privilege Management and Spocp Presentation at Advance CAMP Authority Architecture – Broomfield, Colorado July 2, 2004 by Roland Hedberg.

Privilege Management and Spocp Presentation at Advance CAMP Authority Architecture – Broomfield, Colorado July 2, 2004 by Roland Hedberg.
OASIS Reference Model for Service Oriented Architecture 1.0

OASIS Reference Model for Service Oriented Architecture 1.0
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 8 Slide 1 System models.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 8 Slide 1 System models.
1 7 Concepts of Database Management, 4 th Edition, Pratt & Adamski Chapter 7 DBMS Functions.

1 7 Concepts of Database Management, 4 th Edition, Pratt & Adamski Chapter 7 DBMS Functions.
Chapter 3 Database Management

Chapter 3 Database Management
Tutorials 1 1.What is the definition of a distributed system? 1.A distributed system is a collection of independent computers that appears to its users.

Tutorials 1 1.What is the definition of a distributed system? 1.A distributed system is a collection of independent computers that appears to its users.
Represent the following sentences in first-order logic, using a consistent vocabulary

Represent the following sentences in first-order logic, using a consistent vocabulary
Lecture Nine Database Planning, Design, and Administration

Lecture Nine Database Planning, Design, and Administration
Copyright © Stanford Linear Accelerator Center 2002 All rights reserved Copyright © Stanford Linear Accelerator Center 2002 All rights reserved Accelerator.

Copyright © Stanford Linear Accelerator Center 2002 All rights reserved Copyright © Stanford Linear Accelerator Center 2002 All rights reserved Accelerator.
Database Management Systems (DBMS)

Database Management Systems (DBMS)
Combining KMIP and XACML. What is XACML? XML language for access control Coarse or fine-grained Extremely powerful evaluation logic Ability to use any.

Combining KMIP and XACML. What is XACML? XML language for access control Coarse or fine-grained Extremely powerful evaluation logic Ability to use any.

Similar presentations

Ads by Google