A POLICY ENGINEERING FRAMEWORK FOR FEDERATED ACCESS MANAGEMENT: Using software engineering principles to simplify the design of access management ... security with seamless interoperation

Federated systems are an emerging paradigm for information sharing and integration. Such systems require access management policies that not only protect user privacy and resource security but also allow scalable and seamless interoperation. Current solutions to distributed access control generally fail to simultaneously address both dimensions of the problem. This book describes the design of a policy engineering framework, called X-FEDERATE, for specification and enforcement of access management policies in federated systems. The framework has been designed from the perspectives of both security management and software engineering to not only allow specification of requirements for federated access management but also allow development of standardized policy definitions and constructs that facilitate policy deployment and enforcement in a federated system. The framework comprises of an access control language specification that is an extension of the well-accepted Role Based Access Control (RBAC) standard. The language extends RBAC to incorporate various essential features for federated access management.