[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [oasis-charter-discuss] Possible liaison/collaboration candidate for CloudAuthZ TC
All, I know Maarten Wegdam who has collaborated in this project. He spoke at the XACML seminar last April that I helped organize about this project. Let me know if you want me to contact him. Thanks, Ray From: oasis-charter-discuss@lists.oasis-open.org [mailto:oasis-charter-discuss@lists.oasis-open.org] On Behalf Of Robin Cover Sent: Sunday, October 07, 2012 4:26 PM To: OASIS Charter Discuss List Cc: Robin Cover Subject: [oasis-charter-discuss] Possible liaison/collaboration candidate for CloudAuthZ TC In connection with the CloudAuthZ TC proposal Scope section 1(c)-5 "TC will develop strong liaison relationships...": one additional candidate for consideration would be the Novay Project called "CEA: Context-Enhanced Authorization" Details: Yesterday I concluded an initial phase of investigation for the proposed CloudAuthZ TC, and discovered a large corpus of technical work that seems relevant, even if the prospect of creating a generalized model for context-based authorization and entitlement management seems like a tall order. The Novay Project, with summary below [1], made some pilot investigations, detailed in a 25-page white paper [2]. The YouTube clip, however short, presents the key ideas. At a minimum, the principal investigators in this Novay Project may be able to contribute further insight into the proposed TC's use cases, or participate in the technical work. - Robin Cover [1] Novay Project CEA: Context-Enhanced Authorization SII Innovation Project http://www.novay.nl/okb/projects/context-enhanced-authorization/12435 Project Principals: Bob Hulsebosch, Ruud Kosman, Martijn Oostdijk, Jaap Reitsma, Maarten Wegdam, Martin Wibbels Project Overview: "Context information can make authorization management more flexible and more secure. Knowing when and where users are, and what they are up to helps in determining which access rules to apply. There is an increasing need for organizations, especially organizations in the banking sector, to be more flexible while maintaining the same level of security. The new found flexibility can be used, for instance, to enable new forms of working in which employees of a bank need to be able to perform high-risk transactions from different locations (home, office, at a customer location etc.), at different times of the day and using different devices... The promise of context-enhanced authorization is that by making the context information explicit in authorization rules the flexibility increases without reducing security. The wide-spread introduction of mobile devices makes more and more context information available, and promising technical authorization standards driven by factors such as cloud computing are just about ready to make context enhanced authorization possible... Rabobank, IBM, and Novay are participating in a SII innovation project in order to identify the opportunities and challenges of context enhanced authorization. Goal of the project is to assess the feasibility of the use of context information to enhance authorization policy with a focus on employees in the banking sector..... The project also builds a demonstrator to validate whether context enhanced authorization is technically feasible given today's state-of-the-art technologies. The current generation of Identity & Access Management (IAM) suites enable individual applications to externalize their authorization decision logic. An upcoming standard making this possible is XACML.This technology promises to be an important component of the solution, though technical challenges may need to be tackled first before theses systems can process real-time context information. The demonstrator will most likely be built on top of an existing IAM product. http://www.novay.nl/okb/projects/context-enhanced-authorization/12435 http://www.novay.nl/our-people/maarten-wegdam/context-enhanced-authorization-usefulness-and-feasibility-for-the-banking-sector/67159 http://www.novay.nl/our-people/martijn-oostdijk/context-enhanced-authorization/67063 http://martijno.blogspot.com/2012/02/context-enhanced-authorization.html http://martijno.blogspot.com/2012/02/xacml-with-tivoli-security-policy.html http://www.novay.nl/digital-identity [2] White Paper Feasibility of Context-Enhanced Authorization in the Banking Sector By: Bob Hulsebosch, Martijn Oostdijk, and Maarten Wegdam Novay (http://www.novay.nl) Final Version 2.0, January 30, 2012 25 pages https://doc.novay.nl/dsweb/Get/Document-133948 [3] YouTube CEA: Context-Enhanced Authorization A Novay Project, With Rabobank and IBM April 23, 2012 http://www.youtube.com/watch?v=lGUprbxJNvE "How context can be used to make authorization decisions more dynamic, e.g., depending on whether an employee is working from home or not. This video discusses the concept, gives an overview of a demonstrator in the banking sector and presents lessons learned of a feasibility study for a large Dutch bank... Access at home, on the way to work, at the office... [4] SURFnet Presentation XACML pilot at a large Dutch bank, Using XACML to implement context-enhanced authorizations By Maarten Wegdam Presented April 26, 2012 As presented at the XACML seminar, 26 april 2012, at SURFnet (Utrecht, NL) by PIMN, CSA and PvIB. Presented the context-enhanced authorization project on usefullness and feasibility of using context to improve authz for a large Dutch bank. http://www.slideshare.net/wegdam/xacml-pilot-at-a-large-dutch-bank-using-xacml-to-implement-contextenhanced-authorizations [5] GOVCERT Symposium Slide Presentation Context-Enhanced Authorization GOVCERT Symposium 16 november 2011 Martijn Oostdijk http://www.govcert.nl/binaries/live/govcert/hst%3Acontent/symposium/symposium-2011/speakers/martijn-oostdijk-2011/martijn-oostdijk-2011/govcert%3AdocumentResource/govcert%3Aresource -- Robin Cover OASIS, Director of Information Services Editor, Cover Pages and XML Daily Newslink Email: robin@oasis-open.org Staff bio: http://www.oasis-open.org/people/staff/robin-cover Cover Pages: http://xml.coverpages.org/ Newsletter: http://xml.coverpages.org/newsletterArchive.html Tel: +1 972-296-1783
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]