D7.2 Open Source Software and Documentation Implementing the Design

December 2009 version (v1.0.1) of deliverable D7.2 (Open Source Software and Documentation Implementing the Design) is open to public comments, feedback and review !

All feedback welcome ! 

You could download it and publish comment from here:

http://www.tas3.eu/project/publications/download/wp7-identity-management-authentication-authorization/TAS3_D7p2_Open_Source_Software_V1p01.pdf/view

(you need to login first to put a comment)

---

Executive Summary

This document describes the open source software made available to the TAS3 project and the global community by the Information Systems Security Research Group of the University of Kent.
Within the realm of the TAS3 project, the group has made four software packages publicly available, each of which implement one or more TAS3 components. The currently available software packages are:
- A standalone authorisation server package which provides access control and credential validation functionality. This software package also provides limited Master PDP functionality as it is possible to configure the authorization web service with three different policy types: PERMIS policies, XACML policies and Trust Policies.
- The Secure Audit Trail for Web Services (SAWS) package which provides the functionality to create a secure audit trail of messages sent to it. The package also supports off-line searching of the audit trail.
- The Delegation Issuing Service (DIS) which empowers end users to dynamically delegate some of their attributes (privileges) to others in accordance with a delegation policy.
- The PERMIS Policy Editor (PE) which provides users with the ability to write PERMIS authorisation and delegation policies while being shielded from the underlying XML policy language. This software package has three modes of operation: one can use the Policy Wizard, the Controlled Natural Language Processing (CNLP) interface or the main GUI itself.
For the next releases of the software, we plan the enhancement and addition of the following features:
- The standalone authorisation server will see its obligation handling
capability (which is currently only in beta-state) enhanced; full support for Break The Glass authorization decisions will be added; the Master PDP functionality will be enhanced so as to support the dynamic creation of PDPs (needed for sticky policies) and use of a conflict resolution policy.
- The main enhancement to the SAWS package will be the addition of a web service based searching functionality with proper authorization and filtering of results built in.
- The Delegation Issuing Service will be enhanced to include the push mode of operation. Also, privacy preserving delegation (delegation by invitation) will be supported.
- The Policy Editor GUI is already quite mature. We only expect to make minor enhancements to the main GUI based on TAS3 user feedback. The CNLP engine on the other hand is very new and will be enhanced to allow different variants of existing sentences as well as new sentences to be parsed correctly, as a result of usability trials that are currently being undertaken.