CW 543

Tom Goovaerts, Bart De Win, and Wouter Joosen
Policy evaluation contracts

Abstract

The management of expressive authorization policies in open and dynamic systems is a significant challenge. In this report, policy evaluation contracts are defined to manage the composition of authorization policy components. Policy evaluation contracts specify security policy-related requirements and capabilities in terms of a generic policy domain model. Furthermore, an algorithm is described for generating a dependency graph between authorization policy components, based on their contracts. Using these proposed concepts, management components of authorization infrastructures can maintain a correct configuration of the infrastructure when changes occur in policies or in the environment.

report.pdf (145K) / mailto: T. Goovaerts