Secure Information Technology Center – Austria

Multidimensional security policies

In the course of this project we developed a framework for cross-system definition and representation of web resources and security policies. This representation is supported by two separate building blocks, enabling the definition of resources and the execution of security policies in a layered manner.

The first building block enables a granular definition of resources, allowing decoupled structuring of the entities and functions provided by external Web APIs. Based on abstract, domain-specific ontologies, this representation allows the automated management and discovery of networked resources.

The second component of the framework reuses these representations and their interfaces, introducing the management and execution of security policies over these resources. This management is therefore performed on an abstract level, decoupled from the resources, and executed by a separate engine. This organisation allows a multidimensional and granular definition of security policies. It furthermore enables the inclusion of obligations in the authorization process.

In the current version, the framework supports the domains of Email and Storage APIs. It additionally includes the live transformation of resources, offering functional masking and reduction of resources in the scope of authorization obligations.
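
A minimal sketch of the layering described above, added here as an illustration and not taken from the framework or its technical report: a policy engine decides over abstract resource descriptions, and a separate enforcement step applies mask and drop obligations to the resource before release. All class, function and field names, the first-match rule and the sample data are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Resource:  # hypothetical abstract resource description
    domain: str   # "email" or "storage"
    rtype: str
    attrs: dict

@dataclass
class Policy:  # hypothetical; None in a dimension means "any"
    role: str = None
    domain: str = None
    rtype: str = None
    action: str = None
    effect: str = "deny"
    obligations: list = field(default_factory=list)  # e.g. ("mask", "sender")

    def matches(self, role, res, action):
        wanted = (self.role, self.domain, self.rtype, self.action)
        actual = (role, res.domain, res.rtype, action)
        return all(w is None or w == a for w, a in zip(wanted, actual))

def decide(policies, role, res, action):
    """Engine: first matching policy wins, default deny."""
    for p in policies:
        if p.matches(role, res, action):
            return p.effect, p.obligations
    return "deny", []

def enforce(policies, role, res, action):
    """Enforcement point: transform a copy of the resource before release."""
    effect, obligations = decide(policies, role, res, action)
    if effect != "permit":
        return None
    out = dict(res.attrs)
    for kind, attr in obligations:
        if kind == "mask":
            if attr in out:
                out[attr] = "***"
        elif kind == "drop":
            out.pop(attr, None)
        else:
            return None  # obligation cannot be fulfilled: fail closed
    return out

# Constructed sample policies and resource
POLICIES = [Policy("auditor", "email", "message", "read", "permit",
                   [("mask", "sender"), ("drop", "body")]),
            Policy(role="owner", domain="email", effect="permit")]
MAIL = Resource("email", "message", {"sender": "alice@example.org", "subject": "Q3", "body": "text"})
```

The engine never touches resource content; only the enforcement step does, and an obligation it does not understand turns a permit into a denial.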

 

Downloads

Title | Version | Date
Technical Report (EN) | 1.0 | 2016-02-02

Posted 1.02.2016, Category: eGovernment, IT-Security.