Analysis of Federated Access Control Systems

"Identity and Access Management" (IAM) aims to manage logins and personal information needed to access applications, resources and IT systems within an organisation. Comprehensive IAM is divided into the following parts, among others: access control, provisioning, synchronizing, entitlement and password management, federation, auditing, and compliance.
The Identity Management Systems (IdMS) in use place differing emphasis on the parts mentioned above. They reduce administrative effort and increase security.
Regarding entitlement management, a complete and system-wide view of people's entitlements is made difficult by the different access control mechanisms. The constraints are hard to recognize and break down.

Project AnFACS's goal is to develop a system that displays dependencies both between the systems and in interaction with the IdMS in a standard way. To achieve this, existing access control systems are analysed and mapped with a uniform language, e.g. eXtensible Access Control Markup Language (XACML). Using the available IdMS connection, this creates a composite, comprehensive picture of the current entitlement situation. An analysis is then used to show inconsistencies and conflicts between the intended entitlements and the actual situation.

Project manager: Prof. i. R. Dr. Klaus Meyer-Wegener, Dipl.-Inf. Frank Tröger
Project participants: Dipl.-Inf. Florian Klemenz
Keywords: Identity and Access Management (IAM); Access Control; Entitlement Management; Federation
Duration: 1.2.2007 - 30.9.2012
Contact: Tröger, Frank