TU Berlin

Service-centric NetworkingData Privacy Aware Distributed Policies

Page Content

to Navigation

Data Privacy Aware Distributed Policies


Today, in distributed authorization scenarios based on OASIS' XACML, the access authorization is handled outside of applications. Containing a Policy Decision Point (PDP) and Policy Enforcement Point (PEP), the external architecture takes over the authorization decision based on the evaluation of policies. However, this is still done completely in the domain of the resource owner. Furthermore, access policies are still created and maintained by the resource owner based on information provided by the customer.

In this project, different approaches should be investigated how requirements of customers can influence a real time access decision process. Within XACML's concept of Attribute-based Access Control (ABAC), customer's requirements can be expressed as attributes, which might carry personal data, such as username, location information or user roles. Depending on the access rule, this information can be important for a decision making process, but might violate data privacy rules, especially in cross domain use cases.

Goal is to implement a data privacy enabled PDP, which supports a decision making process based on e.g. encrypted, anonymized or pseudonymized sensitive attributes provided by rules or policies defined by the customer.


  • Get familiar with XACML's (component architecture, policy language)
  • Get familiar with data privacy regulations
  • Design a data privacy aware overall concept and information flow
  • Implement a data privacy aware PDP based on WSO2 Balana engine
  • Implementation of a prototype scenario as proof of concept
  • Evaluate and write documentation


  • Analysis of state-of-the-art technologies
  • (Java) programming skills
  • Interest in security and privacy, access policies and distributed authorization
  • Teamwork
  • Communicating in English (desirable)




Quick Access

Schnellnavigation zur Seite über Nummerneingabe