David Chadwick; Kaniz Fatema (2009)
Publisher: ACM
Types: Article,Unknown
Subjects: QA76
We describe a more advanced authorisation infrastructure for identity management systems which in addition to the traditional Policy Enforcement Point (PEP) and Policy Decision Point (PDP) has an application independent policy enforcement point (AIPEP), a credential validation service (CVS) and a master PDP. The AIPEP is responsible for handling sticky policies, calling the master PDP, performing application independent obligations, and validating credentials using the CVS. The master PDP is responsible for calling multiple traditional PDPs that support a variety of policy languages, and resolving conflicts between the various authorisation decisions. Whilst this authorisation infrastructure may seem more complex to implement, it is in fact easier for applications to integrate since nearly all of the complexity is hidden beneath the PEP interface.
Funded by projects

  • EC | TAS3
