Implementing Role Based Access Controls using X.509 Privilege Management - the PERMIS Authorisation Infrastructure

Abstract

This paper describes the PERMIS role based access control infrastructure that uses X.509 attribute certificates (ACs) to store the users roles. Users roles can be assigned by multiple widely distributed management authorities (called Attribute Authorities in X.509), thereby easing the burden of management. All the ACs can be stored in one or more LDAP directories, thus making them widely available. The PERMIS distribution includes a Privilege Allocator GUI tool, and a bulk loader tool, that allow administrators to construct and sign ACs and store them in an LDAP directory ready for use by the PERMIS decision engine. All access control decisions are driven by an authorization policy, which is itself stored in an X.509 AC, thus guaranteeing its integrity and trustworthiness. Authorization policies are written in XML according to a DTD that has been published at XML.org. A user friendly policy management tool is also being built that will allow non- technical managers to easily specify PERMIS authorisation policies. The access control decision engine is written in Java and has both a Java API and SAML-SOAP interface, allowing it to be called either locally or remotely. The Java API is simple to use, comprising of just 3 methods and a constructor. The SAML-SOAP interface conforms to the OASIS SAMLv1.1 specification, as profiled by a Global Grid Forum draft standard, thus making PERMIS suitable as an authorisation server for Grid applications