Design and Implementation of Resource Access Decision Server
LERSSE-REPORT-2005-009
Luis Espinal ; Konstantin Beznosov ; Yi Deng
16 October 2005
Abstract: Decoupling authorization decision logic enables implementation of complex and consistent access control policies across heterogeneous systems. However, this is difficult, if not impossible, to implement by exclusively using general-purpose infrastructures such as CORBA Security Service. In response to this limitation of CORBA Security Service, the Object Management Group (OMG) has adopted a Resource Access Decision (RAD) Facility, an authorization service for distributed systems, as a pre-final standard. By using the RAD facility, developers can implement systems with authorization logic decoupled from application-specific logic and with decentralized evaluation and administration of the access policies. This report documents the design and implementation of a Resource Access Decision (RAD) facility. The report covers the different components that comprise a RAD system, their designs, functions and interdependencies. The RAD prototype allows studying the validity of the framework and conducting experiments in the research of distributed access control. Since the design of the prototype is heavily influenced by design patterns, the prototype can easily be maintained and augmented with more complex access control mechanisms.
Keyword(s): Authorization ; access control ; resource access decision ; CORBA ; Java security ; authorization ; software engineering ; distributed security ; distributed systems ; engineering security mechanisms
Published in: Luis Espinal, Konstantin Beznosov, Yi Deng, "Design and Implementation of Resource Access Decision Server," Center for Advanced Distributed Systems Engineering (CADSE). Florida International University, technical report #2000-01, pp.18: (21 January, 2000)
The record appears in these collections:
Engineering Security Mechanisms
Technical Reports