Platform-Based Authorization Technologies

Computing platforms – such as Windows operating systems – traditionally support authorization to protect accesses to well-defined persistent objects, e.g., files. Operating system authorization is usually based on the model of Discretionary Access Control (DAC) and is realized via Access Control Lists (ACLs). These mechanisms do not satisfy the needs of applications that process resources at higher levels of abstraction than the operating system. Therefore, Microsoft introduced a new authorization framework – Authorization Manager (AzMan) – which is built on the Role-Based Access Control (RBAC) model. This book presents experiences with AzMan and investigates possible relations to other technologies, such as XACML and PCIM. The comparison focuses on AzMan versus XACML and leads to proposing integrated solutions to overcome identified deficiencies of AzMan. Prototype implementations are described and the usage of the technologies is demonstrated. Results are used to assess the viability of the technologies and future evolvement. This book is based on Filip Höfer''s diploma thesis, the covered topics are updated and extended.