Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
What AMANDA offers: A comparative case study describing a flexible and decentralised approach for Authorisation Management
RISE - Research Institutes of Sweden, ICT, SICS.
2002 (English)Report (Other academic)
Abstract [en]

In this thesis the term Authorisation Management (AM) refers to a process that begins in the real world when a decision is made concerning the delegation of authorisations. Such a decision is governed by policies. The process ends when the decision has been implemented within some computerised control mechanism in the IT-world. Today most of this process takes place in the real world. The authorisation-decision typically takes the form of a signed piece of paper that somehow is communicated to an administrator. The administrator then implements this decision, made by someone else. Besides enabling the implementation of an authorisation-decision, the process does not add any value to an organisation. It is manual, slow, involves several people and each time a decision is made, the whole process has to be initiated and performed. Further, the decision has to be expressed and implemented in terms of existing models and mechanisms and only the administrator interacts with the computerised control-mechanism in the IT-world. No widely used alternative exists. In a project named AMANDA (Authorisation Management for Distributed Applications) at the Swedish Institute of Computer Science (SICS) an alternative is being developed. AMANDA offers a mechanism that will allow AM to be decentralised in accordance with the ordinary chain of command. Using a graphical user interface, the decision-maker will implement his decision and it will take effect immediately. AMANDA will be flexible and will closely map and represent real world policies. Assuming the existence of a Public Key Infrastructure, attribute certificates are used to delegate authorisations, if needed in several steps. This thesis examines how AMANDA could simplify and improve AM. The theoretical part of this thesis describes AMANDA and the foundation on which she rests. The empirical part consists of a case study in a specific setting. First, the actual AM-process of today, with respect to a specific application, is modelled and described. Then, the future AM-process using AMANDA is modelled and described. The results indicate that AMANDA would offer a more flexible, precise, fast and secure way of AM in accordance with the operational chain of command. Though not considered in the problem statement, another result is the finding that no approach seems to exist towards modelling and describing AM as a process of itÂ’s own. In order to perform the case study, ideas from enterprise modelling has been used to identify and understand the AM-process. Together with the Unified Modelling Language (UML), Enterprise Modelling has also inspired the notation used in the case study.

Place, publisher, year, edition, pages
Swedish Institute of Computer Science , 2002, 1. , p. 63
Series
SICS Technical Report, ISSN 1100-3154 ; T2002:16
Keywords [en]
Attribute Certificates, Authorisation Management, Authorisation Management process, Authorisation Management for Distributed Applications, AMANDA, Trust Management, real world, IT-world, authorisation, privilege, delegation, management-level power, power, empowerment, object-level permission, permission, enterprise modelling, Keon
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:ri:diva-22001OAI: oai:DiVA.org:ri-22001DiVA, id: diva2:1041543
Available from: 2016-10-31 Created: 2016-10-31 Last updated: 2018-12-17Bibliographically approved

Open Access in DiVA

fulltext(431 kB)159 downloads
File information
File name FULLTEXT01.pdfFile size 431 kBChecksum SHA-512
49c9cd7fbf3276b44501f525a026863ea1869a110c27966966d61cfdbe11709dbbaa064b1acc984f7fbbb1b1144a7e3faca900d6945193bc6334d0c8758d17cf
Type fulltextMimetype application/pdf

By organisation
SICS
Computer and Information Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 159 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 80 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf