PEP = Point to Enhance Particularly

Policies are rules that govern the choices in behaviour of a system. Policy-based management aims at supporting dynamic adaptability of behaviour by changing policy without recoding or stopping the system. The commonly accepted architecture of such systems includes two main management agents: the policy decision point (PDP), which analyses requests and sets decisions based on a policy, and the policy enforcement point (PEP), which enforces the PDP's decision. While many works deal with PDP implementations, the PEP is considered to be only an interface between the applications to be managed and the PDP. PEPs are usually specific to an application and a context of use. As a consequence, they cannot be reused for new applications and are implemented from scratch each time. In this article, we present a modular architecture to implement reusable PEPs for policy-based authorization systems.
