Governing Delegation of Authority within SOA Environments Using KAoS
Abstract
Within the Department of Defense (DoD), delegation of authority is the act by which a commander transfers part of his authority to a subordinate commander in order to complete an assigned task or carry out additional duties. Delegation is often limited to specific tasks or for specific time periods and is commonly governed by policies that specify what may be delegated, to whom it may be delegated, and under what circumstances delegation may occur. Policies may also dictate if a person may perform tasks for which he has been given the authority to delegate. KAoS is a powerful policy management system whose policies are represented in the Web Ontology Language (OWL), a standard language for semantic modeling. We have built a demonstration system, based on scenarios from an air operations center, which utilizes KAoS to govern delegation of authority in the context of web service access control. The KAoS policy language is expressive enough to support both attribute- and role-based authorization as well as both fine-grained and coarse-grained access control. We discuss the architecture of our demonstration system, describe the mechanisms for authorization of delegation actions and web service requests, and show how KAoS integrates with existing standards for web service modeling, implementation and security.
Document Details
- Document Type: Technical Report
- Publication Date: Jun 01, 2011
- Accession Number: ADA547077
Entities
People
- Andrzej Uszok
- James Milligan
- Jim Jacobs
- Robert L. Sedimeyer
Organizations
- Purdue University