GeoXACML Policies


Distributed authorization shifts the programming logic and rules for accessing resources out of the application and into an external trusted system. This reduces complexity within applications, but requires external components, such as Policy Enforcement Points (PEP), Policy Decision Points (PDP) and Policy Information Points (PIP). OASIS' XACML specification [1] is one representative of this approach to authorization.

Building on the previous GeoXACML [2] project, the notion of location-based access control should be expanded using GeoXACML policies. The standard XACML architecture has different components that deal with the processing of access policies. To date, no open-source XACML v3 and GeoXACML Policy Decision Point (PDP) is available. During the last project, a commercial one was used for the evaluation of GeoXACML policies. A main goal of this project is to implement an open-source GeoPDP that extends an existing XACML v3 compliant Policy Decision Engine (e.g. WSO2 Balana) to support OGC's GeoXACML specification [3]. Another aspect of the project is the extension of the XACML version 3 standard with GeoXACML tags, which have so far only been adapted to version 2. Additionally, the creation of a visual editor for creating map polygons (including 3D areas), so-called geofences, is part of the project. Furthermore, the PEP to PDP communication should be implemented according to OASIS' REST profile for XACMLv3. As a proof of concept, an application scenario based on HTTP, SAML and GeoXACML-enabled policies must be implemented.


  • Get familiar with (Geo)XACML
  • Implement a GeoPDP, e.g., based on WSO2 Balana
  • Implement an online editor for map areas including 3D objects
  • Implement a prototype scenario
  • Evaluate and write documentation


  • Analysis of state-of-the-art technologies
  • (Java) programming skills
  • Interest in location-based services, policies, mobile devices and cloud computing
  • Teamwork
  • Communicating in English (desirable)


Sebastian Zickau [4], Dirk Thatmann [5]


TU Berlin - Service-centric Networking - TEL 19
Ernst-Reuter-Platz 7
10587 Berlin, Germany
Phone: +49 30 8353 58811
Fax: +49 30 8353 58409
e-mail query [7]

