What AMANDA offers: A comparative case study describing a flexible and decentralised approach for Authorisation Management
Number of Authors: 1
2002 (English)Report (Refereed)
In this thesis the term Authorisation Management (AM) refers to a process that begins in the real world when a decision is made concerning the delegation of authorisations. Such a decision is governed by policies. The process ends when the decision has been implemented within some computerised control mechanism in the IT-world. Today most of this process takes place in the real world. The authorisation-decision typically takes the form of a signed piece of paper that somehow is communicated to an administrator. The administrator then implements this decision, made by someone else. Besides enabling the implementation of an authorisation-decision, the process does not add any value to an organisation. It is manual, slow, involves several people and each time a decision is made, the whole process has to be initiated and performed. Further, the decision has to be expressed and implemented in terms of existing models and mechanisms and only the administrator interacts with the computerised control-mechanism in the IT-world. No widely used alternative exists. In a project named AMANDA (Authorisation Management for Distributed Applications) at the Swedish Institute of Computer Science (SICS) an alternative is being developed. AMANDA offers a mechanism that will allow AM to be decentralised in accordance with the ordinary chain of command. Using a graphical user interface, the decision-maker will implement his decision and it will take effect immediately. AMANDA will be flexible and will closely map and represent real world policies. Assuming the existence of a Public Key Infrastructure, attribute certificates are used to delegate authorisations, if needed in several steps. This thesis examines how AMANDA could simplify and improve AM. The theoretical part of this thesis describes AMANDA and the foundation on which she rests. The empirical part consists of a case study in a specific setting. First, the actual AM-process of today, with respect to a specific application, is modelled and described. Then, the future AM-process using AMANDA is modelled and described. The results indicate that AMANDA would offer a more flexible, precise, fast and secure way of AM in accordance with the operational chain of command. Though not considered in the problem statement, another result is the finding that no approach seems to exist towards modelling and describing AM as a process of its own. In order to perform the case study, ideas from enterprise modelling has been used to identify and understand the AM-process. Together with the Unified Modelling Language (UML), Enterprise Modelling has also inspired the notation used in the case study.
Place, publisher, year, edition, pages
Swedish Institute of Computer Science , 2002, 1. , 63 p.
SICS Technical Report, ISSN 1100-3154 ; 2002:16
Attribute Certificates, Authorisation Management, Authorisation Management process, Authorisation Management for Distributed Applications, AMANDA, Trust Management, real world, IT-world, authorisation, privilege, delegation, management-level power, power, empowerment, object-level permission, permission, enterprise modelling, Keon
Computer and Information Science
IdentifiersURN: urn:nbn:se:ri:diva-22001OAI: oai:DiVA.org:ri-22001DiVA: diva2:1041543