TU Berlin

Service-centric NetworkingLocation-based Authentication System for Cloud Services using GeoXACML

Page Content

to Navigation

Location-based Authentication System for Cloud Services using GeoXACML


In the context of cloud services, it is often necessary to limit access to services especially from mobile devices. An additional aspect of this access control will be the location information of the users and their devices. In the project an evaluation of the functionalities and concepts of GeoXACML, which adds location information to the established XACML language for describing policies in access controlled environments. Getting familiar with these standards and their needed architecture is the entry point for this project. The access to an example cloud service application should be controlled by location-based parameters. Mobile devices and stationary computers should be evaluated. An architecture of policy enforcement points (PEP), policy decision points (PDP), policy information points (PIP) and policy administration points (PAP) will be designed and implemented. The implementation can be built up on existing (open source) implementations. An extensive study of GeoXACML and its limitations should be also the result of the project. With GeoXACML both the location of target data and of the accessing devices can be described. The differences between these two approaches should be discussed, evaluated and implemented in a prototype.


  • Getting familiar with (Geo)XACML
  • Defining test cases, scenarios and an GeoXACML architecture in the context of cloud services
  • Deal with mobile and stationary devices
  • Implementation of a prototype
  • Implementation of a mobile app which access the cloud service
  • Evaluation of the architecture


  • Analyses of state-of-the-art technologies
  • (Java) programming skills
  • (Android) mobile development experience
  • Interest in Location-based Services, Policies, Mobile Devices, Cloud Computing
  • Teamwork
  • Communicating in English (desirable)





Quick Access

Schnellnavigation zur Seite über Nummerneingabe