Bachelor Thesis: Supporting the development of RESTful services to enable distributed access control policies based on a generic API description
The eXtensible Access Control Markup Language (XACML) provides flexible, policy-based access control, allowing arbitrary rules or the implementation of more general access control schemes like role-based access control (RBAC) or attribute-based access control (ABAC). However, access control systems are deployed and used in increasingly complex situations and environments. Policy-based access control systems like XACML, with their flexibility, accommodate these use cases and provide a superior separation of concerns by separating business logic from business policy, i.e. the access decision process and the access policy. Nevertheless, the increasing complexity, caused by both a higher number of access policies and their increased elaboration, raises scalability concerns. This thesis explores the possibilities for caching and performance optimization in XACML, primarily focusing on XACML version 3 (XACMLv3) and its Policy Decision Point (PDP), as one more step towards remedying these concerns. It provides a survey of existing approaches to caching and performance optimization and concludes that most current approaches are concerned with the policy evaluation itself, attempting to increase performance through policy reconfiguration, translation, normalization or clustering, but not with finding applicable policies or with loading and storing policies. Depending on the situation, however, different parts of the evaluation process may become the bottleneck. Therefore, this thesis explores the use of caching at specific points during the evaluation process, namely loading policies, finding policies and evaluation, for better performance, along with other more general improvements. Due to the highly flexible nature of XACML, special considerations are necessary so that a PDP with caching still performs reliably as an authorization system. Additionally, this thesis considers memory consumption and efficiency.
Supervisor: Dirk Thatmann
Type: Bachelor Thesis
Duration: 4 months