TU Berlin

Service-centric Networking

GeoXACML Policies


The concept of distributed authorization shifts the programming logic and rules for accessing resources to an external trusted system. This reduces complexity within applications, but requires external components such as Policy Enforcement Points (PEP), Policy Decision Points (PDP) and Policy Information Points (PIP). OASIS' XACML specification is one representative of this approach to authorization.

Building on the previous GeoXACML project, the notion of location-based access control is to be expanded using GeoXACML policies. The standard XACML architecture has several components that deal with the processing of access policies. To date, no open-source Policy Decision Point (PDP) supporting both XACML v3 and GeoXACML is available. During the last project, a commercial one was used for the evaluation of GeoXACML policies. A main goal of this project is to implement an open-source GeoPDP that extends an existing XACML v3 compliant Policy Decision Engine (e.g. WSO2 Balana) to support OGC's GeoXACML specification. Another aspect of the project is extending the XACML version 3 standard with the GeoXACML tags, which so far have only been adapted to version 2. Additionally, the creation of a visual editor for drawing map polygons (including 3D areas), so-called geofences, is part of the project. Furthermore, the PEP to PDP communication should be implemented according to OASIS' REST profile for XACMLv3. As proof of concept, an application scenario based on HTTP, SAML and GeoXACML-enabled policies must be implemented.
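The PEP/PDP split with a geofence condition, as an added example (not the project's code and not the Balana or GeoXACML API). The rule structure, attribute names and polygon coordinates are constructed assumptions; the PEP is deny-biased, so a request without a location attribute is refused.

```python
# Added example: toy PDP/PEP with one geofence rule (hypothetical names throughout).
from dataclasses import dataclass

# Constructed geofence: a rectangle given as (lon, lat) vertices.
CAMPUS_FENCE = [(13.320, 52.510), (13.332, 52.510), (13.332, 52.518), (13.320, 52.518)]


@dataclass(frozen=True)
class Rule:
    resource: str          # resource-id the rule targets
    action: str            # action-id the rule targets
    fence: list            # polygon the subject's location must lie inside
    effect: str = "Permit"


def point_in_polygon(point, polygon):
    """Ray casting: count polygon edges crossed by a ray going east from the point."""
    x, y = point
    inside = False
    for (x1, y1), (x2, y2) in zip(polygon, polygon[1:] + polygon[:1]):
        if (y1 > y) != (y2 > y):  # edge spans the ray's latitude
            x_cross = x1 + (y - y1) * (x2 - x1) / (y2 - y1)
            if x < x_cross:
                inside = not inside
    return inside


def pdp_evaluate(rules, request):
    """PDP: return an XACML-style decision for a dict of request attributes."""
    for rule in rules:
        if (request.get("resource"), request.get("action")) != (rule.resource, rule.action):
            continue  # rule target does not match this request
        location = request.get("location")
        if location is None:
            return "Indeterminate"  # required attribute missing, cannot evaluate
        if point_in_polygon(location, rule.fence):
            return rule.effect
    return "NotApplicable"  # no rule matched or the geofence condition was false


def pep_enforce(rules, request):
    """Deny-biased PEP: grant access only on an explicit Permit from the PDP."""
    return pdp_evaluate(rules, request) == "Permit"


POLICY = [Rule(resource="lab-door", action="open", fence=CAMPUS_FENCE)]
```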


  • Get familiar with (Geo)XACML
  • Implement a GeoPDP, e.g., based on WSO2 Balana
  • Implement an online editor for map areas including 3D objects
  • Implement a prototype scenario
  • Evaluate and write documentation


  • Analysis of state-of-the-art technologies
  • (Java) programming skills
  • Interest in location-based services, policies, mobile devices and cloud computing
  • Teamwork
  • Communicating in English (desirable)



