Change search
ReferencesLink to record
Permanent link

Direct link
What AMANDA offers: A comparative case study describing a flexible and decentralised approach for Authorisation Management
Number of Authors: 1
2002 (English)Report (Refereed)
Abstract [en]

In this thesis the term Authorisation Management (AM) refers to a process that begins in the real world when a decision is made concerning the delegation of authorisations. Such a decision is governed by policies. The process ends when the decision has been implemented within some computerised control mechanism in the IT-world. Today most of this process takes place in the real world. The authorisation-decision typically takes the form of a signed piece of paper that somehow is communicated to an administrator. The administrator then implements this decision, made by someone else. Besides enabling the implementation of an authorisation-decision, the process does not add any value to an organisation. It is manual, slow, involves several people and each time a decision is made, the whole process has to be initiated and performed. Further, the decision has to be expressed and implemented in terms of existing models and mechanisms and only the administrator interacts with the computerised control-mechanism in the IT-world. No widely used alternative exists. In a project named AMANDA (Authorisation Management for Distributed Applications) at the Swedish Institute of Computer Science (SICS) an alternative is being developed. AMANDA offers a mechanism that will allow AM to be decentralised in accordance with the ordinary chain of command. Using a graphical user interface, the decision-maker will implement his decision and it will take effect immediately. AMANDA will be flexible and will closely map and represent real world policies. Assuming the existence of a Public Key Infrastructure, attribute certificates are used to delegate authorisations, if needed in several steps. This thesis examines how AMANDA could simplify and improve AM. The theoretical part of this thesis describes AMANDA and the foundation on which she rests. The empirical part consists of a case study in a specific setting. First, the actual AM-process of today, with respect to a specific application, is modelled and described. Then, the future AM-process using AMANDA is modelled and described. The results indicate that AMANDA would offer a more flexible, precise, fast and secure way of AM in accordance with the operational chain of command. Though not considered in the problem statement, another result is the finding that no approach seems to exist towards modelling and describing AM as a process of itÂ’s own. In order to perform the case study, ideas from enterprise modelling has been used to identify and understand the AM-process. Together with the Unified Modelling Language (UML), Enterprise Modelling has also inspired the notation used in the case study.

Place, publisher, year, edition, pages
Swedish Institute of Computer Science , 2002, 1. , 63 p.
Series
SICS Technical Report, ISSN 1100-3154 ; 2002:16
Keyword [en]
Attribute Certificates, Authorisation Management, Authorisation Management process, Authorisation Management for Distributed Applications, AMANDA, Trust Management, real world, IT-world, authorisation, privilege, delegation, management-level power, power, empowerment, object-level permission, permission, enterprise modelling, Keon
National Category
Computer and Information Science
Identifiers
URN: urn:nbn:se:ri:diva-22001OAI: oai:DiVA.org:ri-22001DiVA: diva2:1041543
Available from: 2016-10-31 Created: 2016-10-31

Open Access in DiVA

fulltext(431 kB)5 downloads
File information
File name FULLTEXT01.pdfFile size 431 kBChecksum SHA-512
49c9cd7fbf3276b44501f525a026863ea1869a110c27966966d61cfdbe11709dbbaa064b1acc984f7fbbb1b1144a7e3faca900d6945193bc6334d0c8758d17cf
Type fulltextMimetype application/pdf

Computer and Information Science

Search outside of DiVA

GoogleGoogle Scholar
Total: 5 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 2 hits
ReferencesLink to record
Permanent link

Direct link