
oasis-charter-discuss message


Subject: RE: [oasis-charter-discuss] Possible liaison/collaboration candidate for CloudAuthZ TC


I know Maarten Wegdam who has collaborated in this project. He spoke at the XACML seminar last April that I helped organize about this project. Let me know if you want me to contact him.


From: oasis-charter-discuss@lists.oasis-open.org [mailto:oasis-charter-discuss@lists.oasis-open.org] On Behalf Of Robin Cover
Sent: Sunday, October 07, 2012 4:26 PM
To: OASIS Charter Discuss List
Cc: Robin Cover
Subject: [oasis-charter-discuss] Possible liaison/collaboration candidate for CloudAuthZ TC

In connection with the CloudAuthZ TC proposal Scope section
1(c)-5 "TC will develop strong liaison relationships...":  one
additional candidate for consideration would be the Novay
Project called "CEA: Context-Enhanced Authorization"

Details: Yesterday I concluded an initial phase of investigation
for the proposed CloudAuthZ TC, and discovered a large
corpus of technical work that seems relevant, even if the
prospect of creating a generalized model for context-based
authorization and entitlement management seems like a
tall order.

The Novay Project, with summary below [1], made some
pilot investigations, detailed in a 25-page white paper [2].
The YouTube clip, however short, presents the key ideas.

At a minimum, the principal investigators in this Novay
Project may be able to contribute further insight into the
proposed TC's use cases, or participate in the technical

- Robin Cover

[1] Novay Project
   CEA: Context-Enhanced Authorization
   SII Innovation Project

Project Principals: Bob Hulsebosch, Ruud Kosman,
Martijn Oostdijk, Jaap Reitsma, Maarten Wegdam,
Martin Wibbels

Project Overview: "Context information can make
authorization management more flexible and more
secure. Knowing when and where users are, and
what they are up to helps in determining which
access rules to apply. There is an increasing need
for organizations, especially organizations in
the banking sector, to be more flexible while
maintaining the same level of security. The new
found flexibility can be used, for instance, to
enable new forms of working in which employees of
a bank need to be able to perform high-risk
transactions from different locations (home,
office, at a customer location etc.), at different
times of the day and using different devices...

The promise of context-enhanced authorization is
that by making the context information explicit
in authorization rules the flexibility increases
without reducing security. The wide-spread
introduction of mobile devices makes more and more
context information available, and promising
technical authorization standards driven by factors
such as cloud computing are just about ready to
make context enhanced authorization possible...

Rabobank, IBM, and Novay are participating in a
SII innovation project in order to identify the
opportunities and challenges of context enhanced
authorization. Goal of the project is to assess
the feasibility of the use of context information
to enhance authorization policy with a focus on
employees in the banking sector.....

The project also builds a demonstrator to validate
whether context enhanced authorization is technically
feasible given today's state-of-the-art technologies.
The current generation of Identity & Access
Management (IAM) suites enable individual
applications to externalize their authorization
decision logic. An upcoming standard making this
possible is XACML. This technology promises to be
an important component of the solution, though
technical challenges may need to be tackled first
before these systems can process real-time context
information. The demonstrator will most likely be
built on top of an existing IAM product.


[2] White Paper
Feasibility of Context-Enhanced Authorization in the Banking Sector
By: Bob Hulsebosch, Martijn Oostdijk, and Maarten Wegdam
Novay (http://www.novay.nl)
Final Version 2.0, January 30, 2012
25 pages

[3] YouTube
CEA: Context-Enhanced Authorization
A Novay Project, With Rabobank and IBM
April 23, 2012
"How context can be used to make authorization decisions
more dynamic, e.g., depending on whether an employee is
working from home or not. This video discusses the concept,
gives an overview of a demonstrator in the banking sector
and presents lessons learned of a feasibility study for
a large Dutch bank... Access at home, on the way to work,
at the office...

[4] SURFnet Presentation
XACML pilot at a large Dutch bank, Using XACML to implement
context-enhanced authorizations
By Maarten Wegdam
Presented April 26, 2012
  As presented at the XACML seminar, 26 April 2012, at SURFnet
  (Utrecht, NL) by PIMN, CSA and PvIB. Presented the
  context-enhanced authorization project on usefulness and
  feasibility of using context to improve authz for a
  large Dutch bank.

[5] GOVCERT Symposium
Slide Presentation
Context-Enhanced Authorization
GOVCERT Symposium
16 November 2011
Martijn Oostdijk

Robin Cover
OASIS, Director of Information Services
Editor, Cover Pages and XML Daily Newslink
Email: robin@oasis-open.org
Staff bio: http://www.oasis-open.org/people/staff/robin-cover
Cover Pages: http://xml.coverpages.org/
Newsletter: http://xml.coverpages.org/newsletterArchive.html
Tel: +1 972-296-1783
