Enabling the Autonomic Management of Federated Identity Providers

The autonomic management of federated authorization infrastructures (federations) is seen as a means for improving the monitoring and use of a service provider’s resources. However, federations are comprised of independent management domains with varying scopes of control and data ownership. The focus of this paper is on the autonomic management of federated identity providers by service providers located in other domains, when the identity providers have been diagnosed as the source of abuse. In particular, we describe how an autonomic controller, external to the domain of the identity provider, exercises control over the issuing of privilege attributes. The paper presents a conceptual design and implementation of an effector for an identity provider that is capable of enabling cross-domain autonomic management. The implementation of an effector for a SimpleSAMLphp identity provider is evaluated by demonstrating how an autonomic controller, together with the effector, is capable of responding to malicious abuse

Database Access Point Security (DAPS)

BNP Paribas has adopted an IT security policy that prohibits direct access to company databases from client applications. To ensure that the company remains compliant with security standards, our team implemented a low-maintenance, highly-scalable, authentication service that serves as the mediator between client applications and databases. This middleware interacts with databases to process and relay data, as well as ensures that users are authenticated and authorized to perform the actions that they request. Our team simultaneously developed a responsive, user-friendly web application that system administrators can use to manage user roles for the authorization process. These services are anticipated to serve as the basis for the solution that BNP Paribas deploys company-wide