
An advanced policy based authorisation infrastructure

Chadwick, David W. and Fatema, Kaniz (2009) An advanced policy based authorisation infrastructure. In: DIM '09 Proceedings of the 5th ACM workshop on Digital identity management. CCS Computer and Communications Security. ACM, New York, USA, pp. 81-84. ISBN 978-1-60558-786-8. (doi:10.1145/1655028.1655045) (KAR id:31990)

Language: English


We describe a more advanced authorisation infrastructure for identity management systems which in addition to the traditional Policy Enforcement Point (PEP) and Policy Decision Point (PDP) has an application independent policy enforcement point (AIPEP), a credential validation service (CVS) and a master PDP. The AIPEP is responsible for handling sticky policies, calling the master PDP, performing application independent obligations, and validating credentials using the CVS. The master PDP is responsible for calling multiple traditional PDPs that support a variety of policy languages, and resolving conflicts between the various authorisation decisions. Whilst this authorisation infrastructure may seem more complex to implement, it is in fact easier for applications to integrate since nearly all of the complexity is hidden beneath the PEP interface.

Item Type: Book section
DOI/Identification number: 10.1145/1655028.1655045
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: D. Chadwick
Date Deposited: 25 Oct 2012 16:32 UTC
Last Modified: 16 Nov 2021 10:09 UTC