An Advanced Policy Based Authorisation Infrastructure

David Chadwick, Kaniz Fatema

    Research output: Chapter in Book/Published conference outputConference publication


    We describe a more advanced authorisation infrastructure for identity management systems which in addition to the traditional Policy Enforcement Point (PEP) and Policy Decision Point (PDP) has an application independent policy enforcement point (AIPEP), a credential validation service (CVS) and a master PDP. The AIPEP is responsible for handling sticky policies, calling the master PDP, performing application independent obligations, and validating credentials using the CVS. The master PDP is responsible for calling multiple traditional PDPs that support a variety of policy languages, and resolving conflicts between the various authorisation decisions. Whilst this authorisation infrastructure may seem more complex to implement, it is in fact easier for applications to integrate since nearly all of the complexity is hidden beneath the PEP interface.
    Original languageEnglish
    Title of host publicationDIM '09: Proceedings of the 5th ACM workshop on Digital identity management
    ISBN (Print)978-1-60558-786-8
    Publication statusPublished - Nov 2009


    Dive into the research topics of 'An Advanced Policy Based Authorisation Infrastructure'. Together they form a unique fingerprint.

    Cite this