Analysis of Federated Access Control Systems

"Identity and Access Management" (IAM) aims to manage the logins and personal information needed to access applications, resources and IT systems within an organisation. Comprehensive IAM is divided into the following parts, among others: access control, provisioning, synchronizing, entitlement and password management, federation, auditing, and compliance.
The Identity Management Systems (IdMS) in use each place a different emphasis on the parts mentioned above. They reduce administrative effort and increase security.
Regarding entitlement management, a complete and system-wide view of people's entitlements is made difficult by the different access control mechanisms. The constraints are hard to recognize and break down.
The goal of the AnFACS project is to develop a system that displays, in a standard way, the dependencies both between the systems and in their interaction with the IdMS. To achieve this, existing access control systems are analysed and mapped to a uniform language, e.g. eXtensible Access Control Markup Language (XACML). Using the available IdMS connection, this yields a combined, comprehensive picture of the current entitlement situation. An analysis is then used to show inconsistencies and conflicts between the intended entitlements and the actual situation.
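The analysis described above, sketched as an added example (not AnFACS code): two constructed access control sources are mapped to uniform subject/resource/action rules with XACML-style Permit/Deny effects and compared with the intended entitlements. The record formats, all names and the deny-overrides combining choice are assumptions made for illustration.

```python
# Added illustration; all system names, record formats and data are constructed.
from collections import defaultdict

# Source A (hypothetical): file-server ACL lines "resource:subject:action:allow|deny"
ACL_LINES = [
    "fileshare/hr:alice:read:allow",
    "fileshare/hr:bob:read:allow",
    "fileshare/hr:carol:read:deny",
]
# Source B (hypothetical): application that grants rights to groups
APP_GROUPS = {"hr-staff": ["alice", "carol"], "admins": ["dave"]}
APP_GRANTS = [("hr-staff", "fileshare/hr", "read"), ("admins", "payroll-db", "write")]
# Intended state as recorded in the IdMS: (subject, resource, action)
INTENDED = {("alice", "fileshare/hr", "read"), ("carol", "fileshare/hr", "read"),
            ("dave", "payroll-db", "write"), ("erin", "payroll-db", "read")}

def normalize_acl(lines):
    """Map ACL lines to uniform (subject, resource, action, effect, source) rules."""
    for line in lines:
        resource, subject, action, effect = line.split(":")
        yield (subject, resource, action, "Permit" if effect == "allow" else "Deny", "acl")

def normalize_groups(groups, grants):
    """Expand group grants to per-subject rules in the same uniform shape."""
    for group, resource, action in grants:
        for subject in groups.get(group, []):
            yield (subject, resource, action, "Permit", "app")

def analyse(rules, intended):
    """Return (excess, missing, conflicts) of actual vs. intended entitlements."""
    effects = defaultdict(set)
    for subject, resource, action, effect, _source in rules:
        effects[(subject, resource, action)].add(effect)
    # A conflict: the systems disagree, one permits what another denies.
    conflicts = {k for k, v in effects.items() if v == {"Permit", "Deny"}}
    # Deny-overrides combining: any Deny removes the effective permission.
    actual = {k for k, v in effects.items() if v == {"Permit"}}
    return actual - intended, intended - actual, conflicts

def run():
    rules = list(normalize_acl(ACL_LINES)) + list(normalize_groups(APP_GROUPS, APP_GRANTS))
    return analyse(rules, INTENDED)

if __name__ == "__main__":
    excess, missing, conflicts = run()
    print("excess (actual, not intended):", sorted(excess))
    print("missing (intended, not effective):", sorted(missing))
    print("conflicts (Permit and Deny):", sorted(conflicts))
```

On the constructed data, bob's ACL entry appears as an excess entitlement, erin's intended access is missing, and carol is both a conflict and missing because the ACL deny overrides her group grant.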
Prof. i. R. Dr. Klaus Meyer-Wegener, Dipl.-Inf. Frank Tröger
Dipl.-Inf. Florian Klemenz
Identity and Access Management (IAM); Access Control; Entitlement Management; Federation
Duration: 1.2.2007 - 30.9.2012